 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.807677 |
| Category: | Web application abuses |
| Title: | ManageEngine Password Manager Pro Multiple Vulnerabilities |
| Summary: | ManageEngine Password Manager Pro is prone to multiple vulnerabilities. |
| Description: | Summary: ManageEngine Password Manager Pro is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An improper sanitization of input to the parameter 'password' in 'AddMail.ve' script. - An improper sanitization of input to the parameters 'EMAIL', 'ROLE', 'OLDROLE' in 'EditUser.do' script. - An improper sanitization of input to the parameter 'Rule' in 'jsp/xmlhttp/AjaxResponse.jsp' script. - An improper sanitization of input to the parameters 'Resource' and 'Account' in '/jsp/xmlhttp/PasswdRetriveAjaxResponse.jsp.' script. - A Cross-Site Request Forgery vulnerability. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code, to escalate privileges, to bypass Password policy, to bypass Business Login, to do Password Bruteforce for resources accounts and to conduct request forgery attacks. Affected Software/OS: ManageEngine Password Manager Pro version 8.1 build 8102 to 8.3 build 8302 and probably earlier versions. Solution: Upgrade to ManageEngine Password Manager Pro version 8.3 build 8303 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Copyright | Copyright (C) 2016 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |