Lukasz Juszczyk

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 12 through 13 before build 13200 **Description** The issue allows unserialization of unsafe Java objects, which can be exploited by a remote user without authentication. This enables the execution of remote code, compromising both the application and the operating system. Since the RMI registry of the Application Manager runs with system administrator privileges, exploiting this issue grants an attacker the highest privileges on the underlying operating system. **Recommendations** For ManageEngine Applications Manager versions 12 through 13 before build 13200, update to build 13200 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 12 through 13 before build 13200 **Description** The issue allows an authenticated user to modify their own properties, including their group membership, potentially escalating their privileges to a higher level, such as "ADMIN". Additionally, a user can alter properties of another user, including changing their password. **Recommendations** For ManageEngine Applications Manager versions 12 through 13 before build 13200, update to build 13200 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 12 through 13 before build 13690 **Description** The issue allows an authenticated user, likely with administrative privileges, to browse the filesystem and read system files, including configuration and stored private keys, by accessing the "/register.do" page. This is possible because the Application Manager runs with administrative privileges by default, granting access to every directory on the underlying operating system. **Recommendations** For ManageEngine Applications Manager versions 12 through 13 before build 13690, update to build 13690 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/register.do" page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 12 and 13 before build 13200 **Description** The issue allows an unauthenticated attacker to perform remote SQL injection. This can be achieved by accessing the "MenuHandlerServlet" API endpoint, specifically the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt. Depending on the database type and its configuration, the attacker could also execute operating system commands using SQL queries. **Recommendations** For ManageEngine Applications Manager versions 12 and 13 before build 13200, update to build 13200 or later to resolve the issue. As a temporary workaround, consider restricting access to the /servlet/MenuHandlerServlet endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager versions 12 and 13 before build 13200 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It affects the parameter `LIMIT` in the URL path "/DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233". This URL is accessible without authentication. **Recommendations** For ManageEngine Applications Manager versions 12 and 13 before build 13200, update to build 13200 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/DiagAlertAction.do" endpoint and avoiding the use of the `LIMIT` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Business Intelligence and IBM Cognos Analytics (affected versions not specified) **Description** The issue is related to stored cross-site scripting due to improper validation of user-supplied input. A remote attacker could inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. This could allow an attacker to steal the victim's cookie-based authentication credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Cognos Business Intelligence and IBM Cognos Analytics (affected versions not specified) **Description** The issue is caused by improper validation of user-supplied input, allowing for cross-site scripting. A remote attacker could exploit this using a specially-crafted URL to execute script in a victim's Web browser, potentially stealing the victim's cookie-based authentication credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nGrinder versions prior to 3.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `description`, `email`, or `username` parameter to the "user/save" endpoint. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting user input for the `description`, `email`, and `username` parameters to minimize the risk of exploitation. Avoid using these parameters in the "user/save" endpoint until the issue is resolved.