10.2

DATE	CVE	VULNERABILITY TITLE	RISK
2012-02-14	CVE-2012-1063	SQL Injection vulnerability in Manageengine Applications Manager Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do. network low complexity manageengine CWE-89	7.5
2012-02-14	CVE-2012-1062	Cross-Site Scripting vulnerability in Manageengine Applications Manager Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. network manageengine CWE-79	4.3