ManageEngine AppManager15 (Build No:15510) - DLL Hijacking

Summary

Name: ManageEngine AppManager15 (Build No:15510) - DLL Hijacking
Code name: Cerati
Product: ManageEngine
Affected versions: AppManager15 (Build No:15510)
State: Unpublished/Contacted Vendor

Vulnerability

Kind: DLL Hijacking
Rule: 413. Insecure file upload - DLL Injection
Remote: Yes
CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSSv3 Base Score: 9.1
Exploit available: No
CVE ID(s): CVE-2022-23050

Description

This information will be released later according to our Responsible Disclosure Policy.

Proof of Concept

This information will be released later according to our Responsible Disclosure Policy.

Exploit

This information will be released later according to our Responsible Disclosure Policy.

Mitigation

This information will be released later according to our Responsible Disclosure Policy.

Credits

The vulnerability was discovered by Andrés Roldán and Oscar Uribe from the Offensive Team of Fluid Attacks.

References

Vendor page: https://www.manageengine.com/

Timeline

2022-02-03

Vulnerability discovered.

2022-02-03

Vendor contacted.