cbcvebase.
CVE-2016-9498
published 2018-07-13

CVE-2016-9498: ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote…

PriorityP276critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
22.01%
97.4th percentile
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.

Affected

7 ranges
VendorProductVersion rangeFixed in
manageengineapplications_manager
manageengineapplications_manager
w1.fiwpa_supplicant>= 0 < 2.1-0ubuntu1.72.1-0ubuntu1.7
w1.fiwpa_supplicant>= 0 < 2.4-0ubuntu6.42.4-0ubuntu6.4
w1.fiwpa_supplicant>= 0 < 2:2.6-15ubuntu2.22:2.6-15ubuntu2.2
zohocorpmanageengine_applications_manager
zohocorpmanageengine_applications_manager

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.