CVE-2014-7867
Summary
| CVE | CVE-2014-7867 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-04 17:59:05 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine It360 | 10.3.0 | All | All | All |
| Application | Zohocorp | Manageengine It360 | 10.4 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.3 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.4 | All | All | All |
| Application | Zohocorp | Manageengine Social It Plus | 11.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SQL Injection Vulnerability FIx | af854a3a-2127-422b-91ae-364da2661108 | support.zoho.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.