CVE-2014-9371 — Improper Input Validation in Manageengine Desktop Central

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

10.2%

top 6.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Desktop Central

Timeline

PublishedDec 16

Latest updateMay 17

Description

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDzohocorp/manageengine_desktop_central9.0

🔴Vulnerability Details

GHSA

GHSA-6cwm-9xcg-xhpj: The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object↗2022-05-17

▶

CVEList

CVE-2014-9371: The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object↗2014-12-16

▶