CVE-2014-7867
Published 2014-12-04. CVE-2014-7867: SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3…
Priority: P3 · 56 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 39.93% (98.4th percentile)
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_it360 | — | — |
| zohocorp | manageengine_it360 | — | — |
| zohocorp | manageengine_opmanager | — | — |
| zohocorp | manageengine_opmanager | — | — |
| zohocorp | manageengine_social_it_plus | — | — |
Detection & IOCs (extracted from sources)
Command: POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+
- Monitor HTTP POST requests to /servlet/APMBVHandler with the OPM_BVNAME parameter containing SQL metacharacters (e.g., single quotes, semicolons, SQL keywords like 'create table').
- The incomplete patch for CVE-2014-7867 only blocks payloads containing the literal string 'create table'; bypass attempts using other SQL injection strings not containing 'create table' will not be blocked by the patch in versions 11.3–11.5.
- The affected servlet class is DeviceDetailsUtil.class inside OpManagerServerClasses.jar; inspect this JAR for patch status.
- The patch applied in version 11.5 only blocks SQL injection payloads containing the literal string 'create table' (case-insensitive); other SQL injection strings bypass the filter entirely, meaning the fix is incomplete until version 11.6+.
- The SQLi in OPM_BVNAME is only fully fixed in version 11.6 or later, including version 12 Build 12000; versions 11.3, 11.4, and 11.5 remain partially or fully vulnerable.
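The detection note above (metacharacters in OPM_BVNAME on /servlet/APMBVHandler) and the note about the literal 'create table' filter can be checked together over request logs. The following is an added example written for this page, not code from the record's sources or from ManageEngine; the log lines are constructed (the first one is the command quoted above), and the `literal_create_table_filter` function is an assumed model of the described 11.5 filter behaviour, not the vendor's actual code.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines (not real traffic): "<method> <path?query>".
# The first is the payload quoted in this record; the second is a constructed
# value with SQL metacharacters but without the literal 'create table'; the
# third is a constructed benign value; the fourth is unrelated traffic.
SAMPLE_REQUESTS = [
    "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+",
    "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3b--+",
    "POST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=WebServers",
    "GET /index.html",
]

WATCHED_PATH = "/servlet/APMBVHandler"
WATCHED_PARAM = "OPM_BVNAME"

# Signals named in the detection note: quote characters, statement separator,
# SQL comment markers, and the 'create table' keyword pair.
SQL_META_RE = re.compile(r'''['";]|--|/\*|\bcreate\s+table\b''', re.IGNORECASE)


def literal_create_table_filter(value):
    """Assumed model of the 11.5 patch as described: block only if the
    case-insensitive literal 'create table' appears in the value."""
    return "create table" in value.lower()


def parse_request(line):
    """Split a request line into method, path and decoded query parameters."""
    method, _, target = line.partition(" ")
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    return method, parts.path, params


def inspect_request(line):
    """Return a finding dict for requests touching the watched parameter,
    or None for anything else. 'metachar_alert' is the detection signal;
    'blocked_by_literal_filter' shows what the described 11.5 filter would do."""
    method, path, params = parse_request(line)
    if path != WATCHED_PATH or WATCHED_PARAM not in params:
        return None
    value = params[WATCHED_PARAM][0]  # parse_qs has already URL-decoded it
    return {
        "method": method,
        "value": value,
        "metachar_alert": bool(SQL_META_RE.search(value)),
        "blocked_by_literal_filter": literal_create_table_filter(value),
    }


def scan(lines):
    """Inspect every line; keep only requests that reach the watched parameter."""
    return [f for f in (inspect_request(l) for l in lines) if f is not None]


def unblocked_alerts(lines):
    """Requests that trip the metacharacter detection but would pass the
    literal 'create table' filter: the gap the record describes in 11.3-11.5."""
    return [f for f in scan(lines) if f["metachar_alert"] and not f["blocked_by_literal_filter"]]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
    print("alerts not covered by literal filter:", len(unblocked_alerts(SAMPLE_REQUESTS)))
```

The metacharacter check is deliberately narrow (quotes, semicolons, comment markers, 'create table') so that ordinary business-view names do not alert; widening it to bare keywords such as `select` or `update` raises recall but will also flag legitimate names that happen to contain those words, so tune against your own traffic before alerting on it.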
No detection rules found.
No public exploits indexed.
Published: 2014-12-04