Luis Alfredo Nunez Rincon

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Applications Manager versions 14780 and before **Description** The issue allows a remote unauthenticated attacker to register managed servers via the AAMRequestProcessor servlet. **Recommendations** For versions 14780 and before, consider disabling the AAMRequestProcessor servlet as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Applications Manager versions prior to 14600 **Description** The issue allows a remote unauthenticated attacker to disclose license-related information. This is achieved via the WieldFeedServlet servlet. **Recommendations** For versions prior to 14600, update to version 14600 or later to resolve the issue. As a temporary workaround, consider restricting access to the WieldFeedServlet servlet until a patch is applied.