CVE-2016-9489

CVE-2016-9489: ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass

Vendor Manageengine
Product Applications Manager
Weakness CWE-269
Published July 13, 2018
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password.

Key dates

02Disclosure timeline

July 13, 2018 CVE published
August 6, 2024 Record updated