Applications Manager
cpe:2.3:a:manageengine:applications_manager:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Manageengine (b7eba64e-d5d7-5395-be8c-84fe138ee37e) |
|---|---|
| Product | Applications Manager (61b3f0cf-5771-570b-90af-8ce851915b9f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-27930 | vulnerable | 2026-06-03 15:00:13.525817 | Stored XSS<br>MEDIUM (6.4)<br>Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.<br>Published: 2025-07-23T10:20:09.411Z<br>Updated: 2026-02-26T17:50:17.158Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5678 | vulnerable | 2026-06-03 14:57:53.816175 | SQL Injection<br>MEDIUM (4.7)<br>Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.<br>Published: 2024-08-01T06:54:25.601Z<br>Updated: 2024-08-02T15:40:34.779Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-41140 | vulnerable | 2026-06-03 14:56:34.075029 | Improper Authorization<br>HIGH (8.1)<br>Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.<br>Published: 2025-01-29T11:14:50.910Z<br>Updated: 2025-02-12T19:51:14.429Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9498 | vulnerable | 2026-06-03 14:36:16.934963 | ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects<br>ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.<br>Published: 2018-07-13T20:00:00.000Z<br>Updated: 2024-08-06T02:50:38.639Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9491 | vulnerable | 2026-06-03 14:36:16.922707 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity<br>ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.<br>Published: 2018-07-13T20:00:00.000Z<br>Updated: 2024-08-06T02:50:38.580Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9490 | vulnerable | 2026-06-03 14:36:16.922302 | ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability<br>ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.<br>Published: 2018-06-05T14:00:00.000Z<br>Updated: 2024-08-06T02:50:38.424Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9489 | vulnerable | 2026-06-03 14:36:16.920037 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass<br>In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password.<br>Published: 2018-07-13T20:00:00.000Z<br>Updated: 2024-08-06T02:50:38.431Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-9488 | vulnerable | 2026-06-03 14:36:16.918483 | ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities<br>ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.<br>Published: 2018-06-05T14:00:00.000Z<br>Updated: 2024-08-06T02:50:38.390Z | Imported from gcve-enriched-dumps CVE data |