SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-05T15:00:00
Updated: 2024-08-06T11:04:26.925Z
Reserved: 2014-06-06T00:00:00
Link: CVE-2014-3996
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-05T15:59:00.073
Modified: 2024-11-21T02:09:17.983
Link: CVE-2014-3996
Redhat
No data.