Abstract Advisory Information
Server Side Request Forgery (SSRF) exists in ManageEngine AssetExplorer version 6.2.0 for AJaxServlet servlet.
Author: Dominique Righetto
Version affected
Name: AssetExplorer
Versions: 6.2.0Common Vulnerability Scoring System
4.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:NPatches
The vulnerability is patched in release 6502.
References
https://www.manageengine.com/products/asset-explorer/sp-readme.html
Vulnerability Disclosure Timeline
- 09/05/2019 Vulnerability identification
- 14/05/2019: First contact with the vendor
- 28/06/2019: Vulnerability patched by vendor
- 17/07/2019: Patch available
- 06/08/2019: Public disclosure