This is a security advisory for all ManageEngine Applications Manager users between versions 11.0 - 14.0. We recommend you to upgrade to the latest version of Applications Manager to avoid the security vulnerability described below.

• https://localhost/jsp/Popup_SLA.jsp
  

• https://localhost/servlet/SyncMonitorInAdminMG
  

• https://localhost/jsp/FaultTemplateOptions.jsp
  

                                Between 14080-14140

Please note that the versions other than the ones mentioned above remain unaffected by the vulnerability.

Download service pack and upgrade to the latest version.  Please read the instructions before you upgrade.

• https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html
  

• https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html
  

• https://gist.github.com/mmetince/eaa96e977a87536ad0660ee4ce8f39c6
  

We offer our sincere apologies for any inconvenience caused.