GCVE - cpe:2.3:a:manageengine:applications

Approved changes feed: RSS · Atom

cpe:2.3:a:manageengine:applications_manager:12.0:*:*:*:*:*:*:*

part: a version: 12.0 update: *

Vendor	Manageengine (`b7eba64e-d5d7-5395-be8c-84fe138ee37e`)
Product	Applications Manager (`61b3f0cf-5771-570b-90af-8ce851915b9f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9490`	vulnerable	2026-06-03 14:36:16.922340	ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication. Published: 2018-06-05T14:00:00.000Z Updated: 2024-08-06T02:50:38.424Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2017/Apr/9 https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html http://www.securityfocus.com/bid/97394	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9488`	vulnerable	2026-06-03 14:36:16.919084	ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries. Published: 2018-06-05T14:00:00.000Z Updated: 2024-08-06T02:50:38.390Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2017/Apr/9 https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9488.html http://www.securityfocus.com/bid/97394 http://packetstormsecurity.com/files/158554/ManageEngine-Applications-Manager-13-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Applications Manager

PURL mappings

Vulnerability references

Contribute