Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1063

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-1063
Last Modified 14 Feb 2012 12:49:25
Published 13 Feb 2012 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1063

Summary

Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

Vulnerable Systems

Application

  • Manageengine Applications Manager 10.0

  • Manageengine Applications Manager 10.1

  • Manageengine Applications Manager 10.2

  • Manageengine Applications Manager 10.3

  • Manageengine Applications Manager 9.1

  • Manageengine Applications Manager 9.2

  • Manageengine Applications Manager 9.3

  • Manageengine Applications Manager 9.4

  • Manageengine Applications Manager 9.5


References

XF - meapplication-multiple-sql-injection(72831)

MISC - http://www.vulnerability-lab.com/get_content.php?id=115

BID - 51796

MISC - http://packetstormsecurity.org/files/view/109238/VL-115.txt


Last Updated: 27 May 2016 10:57:26