CVE-2014-3997

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.2:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.4:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.2:build6201:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6402:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6504:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.6:build6600:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6901:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7000:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7002:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.0:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.1:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.3:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.0:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.0:build6002:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.1:build6104:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.2:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.3:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6401:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6403:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6404:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6503:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6505:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.7:build6701:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6800:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6801:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6802:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6902:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6903:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6904:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.7:build6700:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6803:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6900:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7001:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7003:*:*:-:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:-:*:*:*
cpe:2.3:a:zohocorp:manageengine_it360:*:*:*:*:managed_service_providers:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.1:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.3:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.2:build6201:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6504:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.6:build6600:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6802:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7000:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7002:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.4:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.3:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.0:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.2:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.0:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:5.2:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.1:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.0:build6002:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.1:build6104:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6401:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6402:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6403:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.4:build6404:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.7:build6700:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.7:build6701:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6800:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6801:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6901:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6902:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6903:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6904:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7003:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6503:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.5:build6505:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.8:build6803:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.9:build6900:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:*:*:*:managed_service_providers:*:*:*
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:7.0:build7001:*:*:managed_service_providers:*:*:*

Information

Published : 2014-12-05 07:59

Updated : 2019-07-16 05:23


NVD link : CVE-2014-3997

Mitre link : CVE-2014-3997


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_it360
  • manageengine_password_manager_pro