Volerion logoVolerion
Volerion logoVolerion

ManageEngine Applications Manager Privilege Escalation Vulnerability in User Update Function

Vulnerability

A privilege escalation vulnerability has been identified in ManageEngine Applications Manager versions through 174000. The issue arises from incorrect authorization in the 'update user' function, allowing delegated admins to gain unauthorized admin access by modifying user group parameters via the API.

Impact

Exploitation of this vulnerability allows users with delegated admin privileges to gain full admin access.

Remediation

Users can update to ManageEngine Applications Manager version 174000 or any of the specified fixed versions. Instructions for updating are available on the ManageEngine Applications Manager service packs page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.7
impact
5.0
exploitability
4.9
remediation
7.7
relevance
0.0
threat