Volerion logoVolerion
Volerion logoVolerion

ManageEngine Applications Manager Information Disclosure Vulnerability in File/Directory Monitor

Vulnerability

An information disclosure vulnerability has been identified in ManageEngine Applications Manager versions through 176800. This vulnerability arises in the File/Directory monitor when content checks are enabled and a file containing sensitive information from the Applications Manager directory is monitored. In such cases, the information is exposed through Debug-Info HTML files. The vulnerability allows authenticated users to access encrypted database credentials of Applications Manager, but only if the affected monitor is configured by an Administrator or Delegated Administrator.

Impact

Exploitation of this vulnerability allows for unauthorized access to encrypted database credentials of Applications Manager, which could potentially be decrypted and misused.

Remediation

Users can update to ManageEngine Applications Manager version 176900 or version 176701, both of which address this vulnerability. Instructions for updating are available on the ManageEngine Applications Manager service packs page.

Added: Oct 21, 2025, 1:17 PM
Updated: Oct 21, 2025, 8:06 PM

Vulnerability Rating

Custom Algorithm
spread
5.7
impact
2.5
exploitability
4.9
remediation
7.7
relevance
0.8
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.