Intrusion Prevention

ManageEngine.Password.Manager.MetadataServlet.DAT.SQL.Injection

Description

This indicates an attack attempt to exploit a SQL Injection Vulnerability in Multiple ManageEngine products.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of target application, via a crafted HTTP request.

Affected Products

ManageEngine Password Manager Pro (PMP) 5 and 7 build 7002
ManageEngine IT360 8 and 10.1.1 build 10110
ManageEngine Desktop Central 4 and 9 build 90033

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2014-3996