CVE-2022-23050

Name of the Vulnerable Software and Affected Versions ManageEngine AppManager15 version 15510

Description The issue allows an authenticated admin user to upload a DLL file, enabling a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.

Recommendations For ManageEngine AppManager15 version 15510, consider disabling the 'Upload Files / Binaries' functionality as a temporary workaround until a patch is available. Restrict access to the 'working' folder to minimize the risk of exploitation. Avoid using the 'Upload Files / Binaries' functionality until the issue is resolved.