First published: Fri Jan 10 2020
An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. The integrated PostgreSQL that is built into Applications Manager is prone to attack because of a lack of file permission security. Malicious users in the “Authenticated Users” group can modify the PostgreSQL configuration to execute arbitrary commands, escalating privileges to gain full system-privilege user access and rights over the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | =14.3-14360 | |
CVE-2019-19475 is a vulnerability in ManageEngine Applications Manager 14 with Build 14360 that allows malicious users in the "Authenticated Users" group to escalate privileges.
The severity of CVE-2019-19475 is critical with a CVSS score of 8.8.
To fix CVE-2019-19475, it is recommended to apply the necessary security updates provided by ManageEngine.
The software affected by CVE-2019-19475 is ManageEngine Applications Manager 14 with Build 14360.
The CWE of CVE-2019-19475 is CWE-276 (Insecure Default Permissions).
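
A defender-side check for the weakness described above, as an added example that is not part of the original advisory or ManageEngine's own tooling: it lists files and directories under a PostgreSQL directory where broad groups such as Authenticated Users hold write-capable rights. The `$PgRoot` path is an assumption you must supply, since the advisory does not give the install location.

```powershell
# Added example: audit a PostgreSQL directory tree for write access granted to broad groups.
# $PgRoot is a placeholder parameter; point it at the bundled PostgreSQL directory of your install.
param(
    [Parameter(Mandatory = $true)]
    [string]$PgRoot
)

# Well-known SIDs: Authenticated Users, Everyone, BUILTIN\Users.
$broadSids = @('S-1-5-11', 'S-1-1-0', 'S-1-5-32-545')

# Rights that allow changing content, deleting, or rewriting the ACL,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits
# that can appear unmapped on inheritable ACEs.
$fsRights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$fsRights -bor 0x50000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Check the root itself and everything beneath it.
$items = @(Get-Item -LiteralPath $PgRoot -Force) +
         @(Get-ChildItem -LiteralPath $PgRoot -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip, do not guess

    # Ask for rules with SIDs so the match does not depend on localized group names.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only ACEs do not apply to this object; affected children are reported themselves.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 } else { Write-Output 'No write-capable ACEs for broad groups found.' }
```

Any row naming a configuration file or its parent directory means a low-privileged account can alter how the database service starts, which is the condition this CVE describes.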