ID de Prueba:	1.3.6.1.4.1.25623.1.0.805473
Categoría:	Web application abuses
Título:	ManageEngine OpManager Multiple Vulnerabilities (Feb 2015) - Active Check
Resumen:	ManageEngine OpManager is prone to multiple vulnerabilities.
Descripción:	Summary: ManageEngine OpManager is prone to multiple vulnerabilities. Vulnerability Insight: The flaw is due to multiple SQL injection, local file include and file overwrite vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet. Vulnerability Impact: Successful exploitation will allow remote remote attackers and remote authenticated users to execute arbitrary SQL commands via the customerName or serverRole parameter in a standbyUpdateInCentral operation or to read/overwrite arbitrary files to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. Affected Software/OS: ManageEngine OpManager version 8 through 11.5 build 11400. Solution: Update to version 11.6 or install the patch for 11.4 / 11.5. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-7864 Bugtraq: 20150128 [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) (Google Search) http://www.securityfocus.com/archive/1/534575/100/0/threaded http://seclists.org/fulldisclosure/2015/Jan/114 http://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt XForce ISS Database: manageengine-cve20147864-sql-injection(100555) https://exchange.xforce.ibmcloud.com/vulnerabilities/100555
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.