CVE-2014-3996

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central versions prior to 9 build 90043 ManageEngine Desktop Central Managed Service Providers edition versions prior to 9 build 90043 ManageEngine Password Manager Pro versions prior to 7 build 7003 ManageEngine Password Manager Pro Managed Service Providers edition versions prior to 7 build 7003 ManageEngine IT360 versions prior to 10.3.3 build 10330 ManageEngine IT360 Managed Service Providers edition versions prior to 10.3.3 build 10330

Description A SQL injection issue exists in the LinkViewFetchServlet servlet, allowing remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. This could potentially lead to unauthorized data access or modification.

Recommendations For ManageEngine Desktop Central versions prior to 9 build 90043, update to version 9 build 90043 or later. For ManageEngine Desktop Central Managed Service Providers edition versions prior to 9 build 90043, update to version 9 build 90043 or later. For ManageEngine Password Manager Pro versions prior to 7 build 7003, update to version 7 build 7003 or later. For ManageEngine Password Manager Pro Managed Service Providers edition versions prior to 7 build 7003, update to version 7 build 7003 or later. For ManageEngine IT360 versions prior to 10.3.3 build 10330, update to version 10.3.3 build 10330 or later. For ManageEngine IT360 Managed Service Providers edition versions prior to 10.3.3 build 10330, update to version 10.3.3 build 10330 or later.