SQL Injection in Zohocorp Manageengine_opmanager

CVE-2014-7864

Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to exe…

Vulnerability class: SQL Injection

EPSS: 0.322 (96.9th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_opmanager — versions 8.8, 9.0, 9.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

manageengine-cve20147864-sql-injection(100555) (vdb-entry, x_refsource_XF)
20150128 [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
20150128 [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)