Lucene search

MitreCVE-2012-1063

HistoryFeb 14, 2012 - 12:55 a.m.

CVE-2012-1063

2012-02-1400:55:01

CWE-89

mitre

web.nvd.nist.gov

cve-2012-1063

sql injection

manageengine applications manager

nvd

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

42.0%

JSON

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

Affected configurations

Nvd

Node

manageengineapplications_managerMatch10.0

manageengineapplications_managerMatch10.1

manageengineapplications_managerMatch10.2

manageengineapplications_managerMatch10.3

Node

manageengineapplications_managerMatch9.1

manageengineapplications_managerMatch9.2

manageengineapplications_managerMatch9.3

manageengineapplications_managerMatch9.4

manageengineapplications_managerMatch9.5

VendorProductVersionCPE
manageengineapplications_manager10.0cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*
manageengineapplications_manager10.1cpe:2.3:a:manageengine:applications_manager:10.1:*:*:*:*:*:*:*
manageengineapplications_manager10.2cpe:2.3:a:manageengine:applications_manager:10.2:*:*:*:*:*:*:*
manageengineapplications_manager10.3cpe:2.3:a:manageengine:applications_manager:10.3:*:*:*:*:*:*:*
manageengineapplications_manager9.1cpe:2.3:a:manageengine:applications_manager:9.1:*:*:*:*:*:*:*
manageengineapplications_manager9.2cpe:2.3:a:manageengine:applications_manager:9.2:*:*:*:*:*:*:*
manageengineapplications_manager9.3cpe:2.3:a:manageengine:applications_manager:9.3:*:*:*:*:*:*:*
manageengineapplications_manager9.4cpe:2.3:a:manageengine:applications_manager:9.4:*:*:*:*:*:*:*
manageengineapplications_manager9.5cpe:2.3:a:manageengine:applications_manager:9.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
manageengine	applications_manager	10.0	cpe:2.3:a:manageengine:applications_manager:10.0:::::::*
manageengine	applications_manager	10.1	cpe:2.3:a:manageengine:applications_manager:10.1:::::::*
manageengine	applications_manager	10.2	cpe:2.3:a:manageengine:applications_manager:10.2:::::::*
manageengine	applications_manager	10.3	cpe:2.3:a:manageengine:applications_manager:10.3:::::::*
manageengine	applications_manager	9.1	cpe:2.3:a:manageengine:applications_manager:9.1:::::::*
manageengine	applications_manager	9.2	cpe:2.3:a:manageengine:applications_manager:9.2:::::::*
manageengine	applications_manager	9.3	cpe:2.3:a:manageengine:applications_manager:9.3:::::::*
manageengine	applications_manager	9.4	cpe:2.3:a:manageengine:applications_manager:9.4:::::::*
manageengine	applications_manager	9.5	cpe:2.3:a:manageengine:applications_manager:9.5:::::::*

References

packetstormsecurity.org/files/view/109238/VL-115.txt

www.securityfocus.com/bid/51796

www.vulnerability-lab.com/get_content.php?id=115

exchange.xforce.ibmcloud.com/vulnerabilities/72831

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.001

Percentile

42.0%

JSON

Related for CVE-2012-1063