SQL Injection in Zohocorp Manageengine_it360

CVE-2014-7867

SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticat…

Vulnerability class: SQL Injection

EPSS: 0.621 (98.4th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_it360 — versions 10.3.0, 10.4
Zohocorp Manageengine_opmanager — versions 11.3, 11.4
Zohocorp Manageengine_social_it_plus — versions 11.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_CONFIRM, Patch)