Vulnerability-Lookup

CVE-2016-9498 (GCVE-0-2016-9498)

Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50

Title

ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects

Summary

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.

Severity ?

No CVSS data available.

CWE

CWE-502

Assigner

certcc

References

URL

Tags

	http://seclists.org/fulldisclosure/2017/Apr/9	mailing-listx_refsource_FULLDISC
	https://www.securityfocus.com/bid/97394/	vdb-entryx_refsource_BID
	https://www.manageengine.com/products/application…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ManageEngine	Applications Manager	Affected: 12 Affected: 13

Credits

Thanks to Lukasz Juszczyk for reporting this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/97394/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Applications Manager",
          "vendor": "ManageEngine",
          "versions": [
            {
              "status": "affected",
              "version": "12"
            },
            {
              "status": "affected",
              "version": "13"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "datePublic": "2017-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T20:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
        },
        {
          "name": "97394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/97394/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9498",
          "STATE": "PUBLIC",
          "TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Applications Manager",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "12",
                            "version_value": "12"
                          },
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "13",
                            "version_value": "13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ManageEngine"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "97394",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/97394/"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-9498",
    "datePublished": "2018-07-13T20:00:00.000Z",
    "dateReserved": "2016-11-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:50:38.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2016-9498

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9498

Aliases

CVE-2016-9498

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9498",
    "description": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.",
    "id": "GSD-2016-9498"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9498"
      ],
      "details": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.",
      "id": "GSD-2016-9498",
      "modified": "2023-12-13T01:21:21.743689Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-9498",
        "STATE": "PUBLIC",
        "TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Applications Manager",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "12",
                          "version_value": "12"
                        },
                        {
                          "affected": "=",
                          "version_name": "13",
                          "version_value": "13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ManageEngine"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-502"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
          },
          {
            "name": "97394",
            "refsource": "BID",
            "url": "https://www.securityfocus.com/bid/97394/"
          },
          {
            "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html",
            "refsource": "CONFIRM",
            "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-9498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97394",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.securityfocus.com/bid/97394/"
            },
            {
              "name": "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
            },
            {
              "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:20Z",
      "publishedDate": "2018-07-13T20:29Z"
    }
  }
}

GHSA-C3X4-W2JM-V6M5

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.",
  "id": "GHSA-c3x4-w2jm-v6m5",
  "modified": "2022-05-13T01:38:30Z",
  "published": "2022-05-13T01:38:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9498"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/97394"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-9498

Vulnerability from fkie_nvd - Published: 2018-07-13 20:29 - Updated: 2024-11-21 03:01

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://seclists.org/fulldisclosure/2017/Apr/9	Mailing List, Third Party Advisory
cret@cert.org	https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html	Vendor Advisory
cret@cert.org	https://www.securityfocus.com/bid/97394/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Apr/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.securityfocus.com/bid/97394/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	zohocorp	manageengine_applications_manager	12.0
	zohocorp	manageengine_applications_manager	13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "627D0D5D-1B83-4480-BE43-5D1F1D95F563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BC473D-B091-41C9-8C0F-D397B16F0042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager\u0027s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
    },
    {
      "lang": "es",
      "value": "ManageEngine Applications Manager 12 y 13 antes de la build 13200 permite la deserializaci\u00f3n de objetos Java inseguros. La vulnerabilidad puede ser explotada por usuarios remotos sin autenticaci\u00f3n y permite la ejecuci\u00f3n de c\u00f3digo remoto que comprometa la aplicaci\u00f3n, as\u00ed como el sistema operativo. Como el registro RMI de Application Manager se ejecuta con privilegios de administrador del sistema, al explotar esta vulnerabilidad un atacante obtiene los mayores privilegios en el sistema operativo subyacente."
    }
  ],
  "id": "CVE-2016-9498",
  "lastModified": "2024-11-21T03:01:20.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-13T20:29:01.940",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9498.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.securityfocus.com/bid/97394/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-05233

Vulnerability from cnvd - Published: 2017-04-24

Title

ZOHO ManageEngine Applications Manager远程代码执行漏洞

Description

ZOHO ManageEngine Applications Manager是美国卓豪（ZOHO）公司的一套应用性能监控软件。该软件可对不同的业务系统、应用和网络服务（如服务器、操作系统等）进行远程监控和管理。 ZOHO ManageEngine Applications Manager 12版本和13版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞执行任意命令，获取底层操作系统的最高权限。

Severity

高

Patch Name

ZOHO ManageEngine Applications Manager远程代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.manageengine.com/products/applications_manager/release-notes.html

Reference

http://www.securityfocus.com/bid/97394

Impacted products

Name
['ZOHO ManageEngine Applications Manager 12', 'ZOHO ManageEngine Applications Manager 13']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97394"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9498"
    }
  },
  "description": "ZOHO ManageEngine Applications Manager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u6027\u80fd\u76d1\u63a7\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5bf9\u4e0d\u540c\u7684\u4e1a\u52a1\u7cfb\u7edf\u3001\u5e94\u7528\u548c\u7f51\u7edc\u670d\u52a1\uff08\u5982\u670d\u52a1\u5668\u3001\u64cd\u4f5c\u7cfb\u7edf\u7b49\uff09\u8fdb\u884c\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u3002\r\n\r\nZOHO ManageEngine Applications Manager 12\u7248\u672c\u548c13\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u6700\u9ad8\u6743\u9650\u3002",
  "discovererName": "Lukasz Juszczyk",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.manageengine.com/products/applications_manager/release-notes.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05233",
  "openTime": "2017-04-24",
  "patchDescription": "ZOHO ManageEngine Applications Manager\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u5e94\u7528\u6027\u80fd\u76d1\u63a7\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u5bf9\u4e0d\u540c\u7684\u4e1a\u52a1\u7cfb\u7edf\u3001\u5e94\u7528\u548c\u7f51\u7edc\u670d\u52a1\uff08\u5982\u670d\u52a1\u5668\u3001\u64cd\u4f5c\u7cfb\u7edf\u7b49\uff09\u8fdb\u884c\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u3002\r\n\r\nZOHO ManageEngine Applications Manager 12\u7248\u672c\u548c13\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\uff0c\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u6700\u9ad8\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZOHO ManageEngine Applications Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ZOHO ManageEngine Applications Manager 12",
      "ZOHO ManageEngine Applications Manager 13"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97394",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-05",
  "title": "ZOHO ManageEngine Applications Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9498 (GCVE-0-2016-9498)

GSD-2016-9498

GHSA-C3X4-W2JM-V6M5

FKIE_CVE-2016-9498

CNVD-2017-05233

Tags

Sightings

Nomenclature