ManageEngine Applications Manager Multiple Security Vulnerabilities
AirWave Management Platform is prone to the following multiple security vulnerabilities:
1. A remote code-execution vulnerability
2. An SQL-injection vulnerability
3. A privilege-escalation vulnerability
4. A cross-site scripting vulnerability
5. An XML external entity injection vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the operating system, gain elevated privileges or cause denial-of-service conditions.
ManageEngine Applications Manager 12 and 13 are vulnerable.