CVE-2016-9491 Vulnerability Details

  /     /     /  

CVE-2016-9491 Metadata Quick Info

CVE Published: 13/07/2018 | CVE Updated: 06/08/2024 | CVE Year: 2016
Source: certcc | Vendor: ManageEngine | Product: Applications Manager
Status : PUBLISHED

---

CVE-2016-9491 Description

ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-611
CWE Name: CWE-611
Source: ManageEngine

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).