SQL Injection Vulnerabilities in ZOHO ManageEngine OpManager and IT360

SQL Injection Vulnerabilities in ZOHO ManageEngine OpManager and IT360

CVE-2014-7864 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.