CVE-2014-7867
Summary
| CVE | CVE-2014-7867 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-04 17:59:00 UTC |
| Updated | 2019-07-15 17:45:00 UTC |
| Description | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine It360 | 10.3.0 | All | All | All |
| Application | Zohocorp | Manageengine It360 | 10.4 | All | All | All |
| Application | Zohocorp | Manageengine It360 | 10.3.0 | All | All | All |
| Application | Zohocorp | Manageengine It360 | 10.4 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.3 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.4 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.3 | All | All | All |
| Application | Zohocorp | Manageengine Opmanager | 11.4 | All | All | All |
| Application | Zohocorp | Manageengine Social It Plus | 11.0 | All | All | All |
| Application | Zohocorp | Manageengine Social It Plus | 11.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SQL Injection Vulnerability FIx | CONFIRM | support.zoho.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.