CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9490 – ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2016-9490
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication. ManageEngine Applications Manager en versiones 12 y 13 antes de la build 13200 sufre de una vulnerabilidad de Cross-Site Scripting (XSS) reflejado. • http://seclists.org/fulldisclosure/2017/Apr/9 http://www.securityfocus.com/bid/97394 https://packetstormsecurity.com/files/142022/ManageEngine-Applications-Manager-12-13-XSS-SQL-Injection-Code-Execution.html https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2016-9490.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-3277 – Oracle E-Business Suite 12.x Unconstrainted File Download
https://notcve.org/view.php?id=CVE-2017-3277
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95617 http://www.securitytracker.com/id/1037639 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •