ManageEngine Access Manager Plus < 4.3 Build 4309 SQLi

Language:

Version 1.4 Jan 13, 2023, 1:59 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202301131359
Version 1.3 Jan 12, 2023, 6:19 PM CVSS metrics ("CVSSv2 score" changed from "7.5" to "10.0") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202301121819
Version 1.2 Jan 6, 2023, 9:54 PM Reference Plugin Feed: 202301062154
Version 1.1 Jan 6, 2023, 4:14 PM CVSS metrics ("CVSSv2 score" changed from "10.0" to "7.5") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P") CVSS temporal metrics ("CVSSv2 temporal score" set to "5.5") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal score" set to "8.5") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Severity (changed from "Critical" to "High") Plugin Feed: 202301061614

* Changelogs are generally available for changes made after Nov 1, 2022