|Impact||CVSS V3 rating:|
|Fixed||24 June 2020|
|Affected Builds||Till version 14720|
|Fixed in||Build 14730 and above|
|Overview||Authenticated Remote Code Execution as admin via Java class reflection in Weblogic server test credential API.|
|Recommended Fix||Upgrade Applications Manager to version 14730 or above.|
ManageEngine Applications Manager 14720 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
We recommend you to upgrade Applications Manager to version 14730 or above to fix this issue.
Source and Acknowledgements