CVE-2016-9489— ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-9489
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO ManageEngine Applications Manager 信任管理漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine Applications Manager是美国卓豪(ZOHO)公司的一套应用性能监控软件。该软件可对不同的业务系统、应用和网络服务(如服务器、操作系统等)进行远程监控和管理。 ZOHO ManageEngine Applications Manager 12版本和13版本中存在信任管理漏洞。远程攻击者可利用该漏洞获取权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ManageEngine | Applications Manager | 12 | - |
II. Public POCs for CVE-2016-9489
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-9489
请登录查看更多情报信息。
Same Patch Batch · ManageEngine · 2018-07-13 · 3 CVEs total
| CVE-2016-9491 | ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to i | |
| CVE-2016-9498 | ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects |
IV. Related Vulnerabilities
Same weakness: CWE-269
- CVE-2026-42562
Plainpad: Privilege Escalation via Writable Admin Field in P - CVE-2026-41163
bubblewrap vulnerable to privilege escalation in setuid mode - CVE-2026-44987
SysReptor: Privilege Escalation from User Admin to Superuser - CVE-2026-42185
People: Privilege Escalation via Missing Role Ceiling in Mai - CVE-2026-40001
Local privilege escalation vulnerability in ZTE PROCESS Guar
V. Comments for CVE-2016-9489
No comments yet