CVE-2016-9498

Name of the Vulnerable Software and Affected Versions ManageEngine Applications Manager versions 12 through 13 before build 13200

Description The issue allows unserialization of unsafe Java objects, which can be exploited by a remote user without authentication. This enables the execution of remote code, compromising both the application and the operating system. Since the RMI registry of the Application Manager runs with system administrator privileges, exploiting this issue grants an attacker the highest privileges on the underlying operating system.

Recommendations For ManageEngine Applications Manager versions 12 through 13 before build 13200, update to build 13200 or later to resolve the issue.