CVE-2014-3996
Last modified
CVE-2014-3996 is a vulnerability of currently unknown severity. SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.. EPSS estimates a 35.55% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Manageengine | It360 | <= 10.3.3 | Build 10330 |
| Manageengine | Password Manager Pro | <= 7.0 | Build 7003 |
| Manageengine | Desktop Central | <= 9.0 | Build 90043 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3996?
How severe is CVE-2014-3996?
How do I fix CVE-2014-3996?
Are you affected by CVE-2014-3996?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST