CVE-2008-0476

Manageengine Applications Manager - Authentication Bypass

Title source: rule

Description

ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References (3)

[Vendor Advisory] http://secunia.com/advisories/28332

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39915

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27443

Scores

EPSS 0.0033

EPSS Percentile 55.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

manageengine/applications_manager

Timeline

Published Jan 29, 2008

Tracked Since Feb 18, 2026