Lucene search

[email protected]NVD:CVE-2015-5459

HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5459

2015-07-0815:59:12

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.

Affected configurations

Nvd

Node

zohocorpmanageengine_password_manager_proRange≤8.1

VendorProductVersionCPE
zohocorpmanageengine_password_manager_pro*cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_password_manager_pro	*	cpe:2.3:a:zohocorp:manageengine_password_manager_pro::::::::

References

packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html

seclists.org/fulldisclosure/2015/Jul/19

seclists.org/fulldisclosure/2015/Jun/104

www.securityfocus.com/bid/75692

www.manageengine.com/products/passwordmanagerpro/release-notes.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Related for NVD:CVE-2015-5459

cvelist1 prion1 cve1