This is a security advisory for all ManageEngine Applications Manager users between versions 11.0 - 14.0. We recommend you to upgrade to the latest version of Applications Manager to avoid the security vulnerability described below.
Between 14080-14140
Please note that the versions other than the ones mentioned above remain unaffected by the vulnerability.
Download service pack and upgrade to the latest version. Please read the instructions before you upgrade.
https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-Auth-Bypass-Remote-Command-Execution.html
https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html
https://gist.github.com/mmetince/eaa96e977a87536ad0660ee4ce8f39c6
We offer our sincere apologies for any inconvenience caused.