What is CVE-2014-3996?

CVE-2014-3996 is a vulnerability in Manageengine Desktop_central, classified under SQL Injection. Published 2014-12-05.

Is CVE-2014-3996 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Manageengine Desktop_central

CVE-2014-3996

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Mana…

Vulnerability class: SQL Injection

EPSS: 0.712 (98.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) (mailing-list, Exploit, x_refsource_FULLDISC)
69305 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included) (mailing-list, Exploit, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2014-3996?: CVE-2014-3996 is a vulnerability in Manageengine Desktop_central, classified under SQL Injection. Published 2014-12-05.
Is CVE-2014-3996 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.