Lucene search
HistoryDec 05, 2014 - 3:59 p.m.
CVE-2014-3997
cve-2014-3997
sql injection
manageengine
password manager pro
it360
vulnerability
nvd
remote attackers
msp edition
metadataservlet
it security
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.1%
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
Affected configurations
Node
zohocorpmanageengine_password_manager_proMatch5.0-
ORzohocorpmanageengine_password_manager_proMatch5.1-
ORzohocorpmanageengine_password_manager_proMatch5.2-
ORzohocorpmanageengine_password_manager_proMatch5.3-
ORzohocorpmanageengine_password_manager_proMatch5.4-
ORzohocorpmanageengine_password_manager_proMatch6.0-
ORzohocorpmanageengine_password_manager_proMatch6.0build6002-
ORzohocorpmanageengine_password_manager_proMatch6.1build6104-
ORzohocorpmanageengine_password_manager_proMatch6.2-
ORzohocorpmanageengine_password_manager_proMatch6.2build6201-
ORzohocorpmanageengine_password_manager_proMatch6.3-
ORzohocorpmanageengine_password_manager_proMatch6.4-
ORzohocorpmanageengine_password_manager_proMatch6.4build6401-
ORzohocorpmanageengine_password_manager_proMatch6.4build6402-
ORzohocorpmanageengine_password_manager_proMatch6.4build6403-
ORzohocorpmanageengine_password_manager_proMatch6.4build6404-
ORzohocorpmanageengine_password_manager_proMatch6.5-
ORzohocorpmanageengine_password_manager_proMatch6.5build6503-
ORzohocorpmanageengine_password_manager_proMatch6.5build6504-
ORzohocorpmanageengine_password_manager_proMatch6.5build6505-
ORzohocorpmanageengine_password_manager_proMatch6.6build6600-
ORzohocorpmanageengine_password_manager_proMatch6.7build6700-
ORzohocorpmanageengine_password_manager_proMatch6.7build6701-
ORzohocorpmanageengine_password_manager_proMatch6.8build6800-
ORzohocorpmanageengine_password_manager_proMatch6.8build6801-
ORzohocorpmanageengine_password_manager_proMatch6.8build6802-
ORzohocorpmanageengine_password_manager_proMatch6.8build6803-
ORzohocorpmanageengine_password_manager_proMatch6.9-
ORzohocorpmanageengine_password_manager_proMatch6.9build6900-
ORzohocorpmanageengine_password_manager_proMatch6.9build6901-
ORzohocorpmanageengine_password_manager_proMatch6.9build6902-
ORzohocorpmanageengine_password_manager_proMatch6.9build6903-
ORzohocorpmanageengine_password_manager_proMatch6.9build6904-
ORzohocorpmanageengine_password_manager_proMatch7.0-
ORzohocorpmanageengine_password_manager_proMatch7.0build7000-
ORzohocorpmanageengine_password_manager_proMatch7.0build7001-
ORzohocorpmanageengine_password_manager_proMatch7.0build7002-
ORzohocorpmanageengine_password_manager_proMatch7.0build7003-
Node
zohocorpmanageengine_it360Range≤10.3.3-
ORzohocorpmanageengine_it360Range≤10.3.3managed_service_providers
Node
zohocorpmanageengine_password_manager_proMatch5.0managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch5.1managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch5.2managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch5.3managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch5.4managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.0managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.0build6002managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.1managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.1build6104managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.2managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.2build6201managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.3managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.4managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.4build6401managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.4build6402managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.4build6403managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.4build6404managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.5managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.5build6503managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.5build6504managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.5build6505managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.6build6600managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.7build6700managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.7build6701managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.8build6800managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.8build6801managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.8build6802managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.8build6803managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9build6900managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9build6901managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9build6902managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9build6903managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch6.9build6904managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch7.0managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch7.0build7000managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch7.0build7001managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch7.0build7002managed_service_providers
ORzohocorpmanageengine_password_manager_proMatch7.0build7003managed_service_providers
Related
prion
prion
Sql injection
2014-12-05 15:59:00
nvd
nvd
CVE-2014-3997
2014-12-05 15:59:01
cvelist
cvelist
CVE-2014-3997
2014-12-05 15:00:00
nessus
nessus
ManageEngine Password Manager Pro < 7.0 Build 7003 SQL Injection
2015-01-23 00:00:00
exploitpack
exploitpack
ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection
2014-08-20 00:00:00
zdt
zdt
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
2014-08-20 00:00:00
packetstorm
packetstorm
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
2014-08-20 00:00:00
exploitdb
exploitdb
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
2014-08-20 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.1%
Related for CVE-2014-3997