Deserialization in ManageEngine Applications Manager

CVE-2016-9498

ManageEngine Applications Manager 12 and 13 before build 13200 allows unserialization of unsafe Java objects. The vulnerability can be exploited by a remote user without authentication and allows execution of remote code, compromising the a…

Vulnerability class: Insecure Deserialization

EPSS: 0.602 (percentile: 98.3)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2016-9498?
CVE-2016-9498 is a vulnerability in ManageEngine Applications Manager, classified under Deserialization of Untrusted Data. Published 2018-07-13.
Is CVE-2016-9498 known to be exploited?
7 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.