CVE-2014-7864

Опубликовано: 04 фев. 2015

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:11.5:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.32185

Средний

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-f4g5-8f5m-c4xh

github

больше 3 лет назад