CVE-2012-1063

CWE-89 — SQL Injection3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 32.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Applications Manager

Timeline

PublishedFeb 14

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmanageengine/applications_manager9 versions+8

🔴Vulnerability Details

GHSA

GHSA-868w-34vr-f4r2: Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9↗2022-05-17

▶

CVEList

CVE-2012-1063: Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9↗2012-02-14

▶