CVE-2014-7868
Published 2014-12-04
Priority: P2 · 67 · Severity: high · CVSS 2.0 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: available · EPSS: 73.32% (99.4th percentile)
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
Affected
5 ranges (versions as listed in the description; no fixed version recorded)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_it360 | 10.3 | — |
| zohocorp | manageengine_it360 | 10.4 | — |
| zohocorp | manageengine_opmanager | 11.3 | — |
| zohocorp | manageengine_opmanager | 11.4 | — |
| zohocorp | manageengine_social_it_plus | 11.0 | — |
Detection & IOCs (extracted from sources)
PoC request paths from the advisory:
- /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+
- /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)
- Monitor HTTP requests to /servlet/APMBVHandler with OPERATION_TYPE=Delete and inspect the OPM_BVNAME parameter for SQL metacharacters (quotes, semicolons, comment sequences) indicative of blind SQL injection. The published PoC passes the parameters in the query string (GET), so check both the query string and any form-encoded POST body.
- Monitor HTTP requests to /servlet/DataComparisonServlet with operation=compare and inspect the query parameter for raw SQL statements; the servlet runs that query directly against the database, so the same GET/POST caveat applies.
- CVE-2014-7868 is unauthenticated on OpManager and Social IT Plus, but requires authentication on IT360; correlate with session/auth context when triaging alerts on these endpoints.
- The SQL injection via DataComparisonServlet executes the attacker-supplied query directly against the database, making it more severe than a typical blind SQLi; treat any hit on this endpoint as critical.
- Affected versions span at least OpManager 11.3/11.4, IT360 10.3/10.4, and Social IT Plus 11.0; the exact lower bound is unknown ("at least the current versions").
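As an added example (not code from the original advisory, the vendor, or any project on this page), the two monitoring points above implemented as a small scanner over access-log lines. The log line format, the sample lines, and the keyword lists are assumptions for illustration; the endpoint names and parameters are the ones from the CVE description.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from any real host): client, method, target, status.
# Lines 1 and 2 reproduce the advisory's PoC requests; 3 to 5 are benign-looking traffic.
SAMPLE_LOG = """\
10.0.0.5 GET /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+ 200
10.0.0.6 GET /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text) 200
10.0.0.7 GET /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=Core-Servers 200
10.0.0.8 GET /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1&query=select+1 200
10.0.0.9 GET /index.do 200
"""

# Assumed log layout: "<ip> <method> <target> <status>".
LOG_LINE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")

# Metacharacters and keywords that have no business in a business-view name (assumed list).
SQL_META = re.compile(r"['\";]|--|/\*|\b(union|select|insert|update|delete|drop|create|alter)\b", re.I)
# Leading statement keyword of a raw SQL query (assumed list).
SQL_STATEMENT = re.compile(r"^\s*(select|insert|update|delete|drop|create|alter|copy|grant)\b", re.I)


def classify_request(target, body=""):
    """Return (severity, reason) if the request matches a CVE-2014-7868 pattern, else None.

    Parameters are read from the query string and, if given, a form-encoded body,
    so GET and POST deliveries are both covered.
    """
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    path = parts.path.lower()

    def has(name, value):
        return any(v.lower() == value for v in params.get(name, []))

    # (1) blind SQLi: Delete operation with metacharacters in OPM_BVNAME
    if path.endswith("/servlet/apmbvhandler") and has("OPERATION_TYPE", "delete"):
        for value in params.get("OPM_BVNAME", []):
            if SQL_META.search(value):
                return "high", f"APMBVHandler Delete with SQL metacharacters in OPM_BVNAME: {value!r}"

    # (2) direct SQL execution: any non-empty query on a compare operation is critical
    if path.endswith("/servlet/datacomparisonservlet") and has("operation", "compare"):
        for value in params.get("query", []):
            if not value.strip():
                continue
            m = SQL_STATEMENT.match(value)
            kind = m.group(1).upper() if m else "unrecognised"
            return "critical", f"DataComparisonServlet compare with raw SQL ({kind}) in query: {value!r}"
    return None


def scan_log(text):
    """Run classify_request over every parsable log line; return a list of alert dicts."""
    alerts = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        hit = classify_request(m["target"])
        if hit:
            severity, reason = hit
            alerts.append({"ip": m["ip"], "severity": severity, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"[{alert['severity']}] {alert['ip']}: {alert['reason']}")
```

Running it against the sample flags the two PoC lines and the `select 1` compare, and ignores the legitimate business-view name. On IT360, where the endpoints require authentication, join these alerts with the session or login records for the client before escalating.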
No detection rules found.
Exploit-DB: ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
exploitdb · 2014-11-10 · CVSS 7.5 · CVE-2014-7868 [HIGH]
---
>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360
>> Discovered by Pedro Ribeiro ([email protected]), Agile Information Security
Disclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014
>> Background on the affected products:
"ManageEngine OpManager is a network and data center infrastructure
management software that helps large enterprises, service providers
and SMEs manage their data centers and IT infrastructure efficiently
and cost effectively. Automated workflows, intelligent alerting
engines, configurable discovery rules, and extendable templates enable
IT teams to setup a 24x7 monitoring system within hours of
installation."
"Social IT Plus off
Exploit-DB: ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
exploitdb · 2014-11-09 · CVSS 5.0 · CVE-2014-7868 [MEDIUM]
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/129037/ManageEngine-OpManager-Social-IT-Plus-IT360-File-Upload-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Nov/21
- http://www.securityfocus.com/archive/1/533946/100/0/threaded
- http://www.securityfocus.com/bid/71002
- https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt
- https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix