CVE-2016-9490

Опубликовано: 05 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication.

Ссылки

http://seclists.org/fulldisclosure/2017/Apr/9
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97394
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html
http://seclists.org/fulldisclosure/2017/Apr/9
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97394
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html
Third Party Advisory
VDB Entry
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:manageengine:applications_manager:12.0:*:*:*:*:*:*:*

cpe:2.3:a:manageengine:applications_manager:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00852

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jm36-8m9x-wq28