SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-05T15:00:00
Updated: 2024-08-06T11:04:27.709Z
Reserved: 2014-06-06T00:00:00
Link: CVE-2014-3997
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-05T15:59:01.353
Modified: 2024-11-21T02:09:18.147
Link: CVE-2014-3997
Redhat
No data.