SQL Injection Vulnerability in ManageEngine Products
CVE-2014-3996

Currently unrated

Key Information:

Vendor

Manageengine
Status
It360
Vendor
CVE Published:
5 December 2014

What is CVE-2014-3996?

The vulnerability allows remote attackers or authenticated users to execute arbitrary SQL commands through the sv parameter in the LinkViewFetchServlet of various ManageEngine products. This may lead to unauthorized access to sensitive data and potential manipulation of the database. Affected versions include ManageEngine Desktop Central, Password Manager Pro, and IT360, among others. Users of these products should apply the necessary patches to secure their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Aug/55
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/69305
vdb-entryx_refsource_BID
https://raw.githubusercontent.com/pedrib/PoC/master/Manag...
x_refsource_MISC

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.