First published: Fri Jul 13 2018
ManageEngine Applications Manager 12 and 13 before build 13200 allows deserialization of unsafe Java objects. A remote user can exploit the vulnerability without authentication to execute code remotely, compromising the application as well as the operating system. Because Applications Manager's RMI registry runs with the privileges of the system administrator, an attacker who exploits this vulnerability gains the highest privileges on the underlying operating system.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =12.0 | |
Zohocorp ManageEngine Applications Manager | =13.0 | |
CVE-2016-9498 is a vulnerability in ManageEngine Applications Manager 12 and 13 before build 13200 that allows deserialization of unsafe Java objects. A remote user can exploit it without authentication to execute remote code and compromise the application and operating system.
CVE-2016-9498 has a severity rating of 9.8 (critical).
ManageEngine Applications Manager versions 12.0 and 13.0 are affected by CVE-2016-9498.
CVE-2016-9498 can be exploited by a remote user without authentication to execute remote code and compromise the application and operating system.
Yes, security updates are available for CVE-2016-9498. Please refer to the provided references for more information.