First published: Fri Mar 13 2020(Updated: )
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp ManageEngine Applications Manager | <14.5 | |
Zohocorp ManageEngine Applications Manager | =14.5 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14500 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14510 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14520 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14530 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14540 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14560 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14570 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14580 | |
Zohocorp ManageEngine Applications Manager | =14.5-build14590 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19799 is a vulnerability in Zoho ManageEngine Applications Manager that allows a remote unauthenticated attacker to disclose license related information.
The severity of CVE-2019-19799 is medium with a severity score of 5.3.
An attacker can exploit CVE-2019-19799 by sending a request to the WieldFeedServlet servlet without authentication, thereby gaining access to license related information.
Zoho ManageEngine Applications Manager versions up to and including 14.5 are affected by CVE-2019-19799.
Yes, security updates for CVE-2019-19799 are available. Please refer to the following links for more information: [Link 1](https://gitlab.com/eLeN3Re/cve-2019-19799), [Link 2](https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19799.html)