PT-2014-5663 · Manageengine · It360 Managed Service Providers (Msp) Edition+3
Publicado
2014-12-05
·
Atualizado
2019-07-16
·
CVE-2014-3997
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ManageEngine Password Manager Pro (PMP) versions 5 through 7 build 7003
ManageEngine Password Manager Pro Managed Service Providers (MSP) edition versions 5 through 7 build 7003
ManageEngine IT360 and IT360 Managed Service Providers (MSP) edition versions prior to 10.3.3 build 10330
Description
A SQL injection issue exists in the MetadataServlet servlet, allowing remote attackers or remote authenticated users to execute arbitrary SQL commands. This is achieved by manipulating the
sv parameter to MetadataServlet.dat.Recommendations
For ManageEngine Password Manager Pro (PMP) versions 5 through 7 build 7003, update to a version later than 7 build 7003.
For ManageEngine Password Manager Pro Managed Service Providers (MSP) edition versions 5 through 7 build 7003, update to a version later than 7 build 7003.
For ManageEngine IT360 and IT360 Managed Service Providers (MSP) edition versions prior to 10.3.3 build 10330, update to version 10.3.3 build 10330 or later.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
It360 Managed Service Providers (Msp) Edition
Manageengine It360
Manageengine Password Manager Pro
Manageengine Password Manager Pro Managed Service Providers Edition