Lucene search

PRIOn knowledge basePRION:CVE-2014-8499

HistoryNov 17, 2014 - 4:59 p.m.

Sql injection

2014-11-1716:59:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.8%

JSON

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.

CPENameOperatorVersion
password_manager_prole7.1
password_manager_prole7.1

CPE	Name	Operator	Version
	password_manager_pro	le	7.1
	password_manager_pro	le	7.1

References

osvdb.org/show/osvdb/114484

osvdb.org/show/osvdb/114485

packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html

seclists.org/fulldisclosure/2014/Nov/18

www.securityfocus.com/bid/71018

exchange.xforce.ibmcloud.com/vulnerabilities/98595

exchange.xforce.ibmcloud.com/vulnerabilities/98597

raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt

www.exploit-db.com/exploits/35210

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.8%

JSON

Related for PRION:CVE-2014-8499