CVE-2015-7387

ManageEngine EventLog Analyzer Remote Code Execution

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 y versiones anteriores permite a los atacantes remotos eludir las restricciones previstas y ejecutar comandos SQL arbitrarios a través de una consulta permitida seguida de una no permitida en el parámetro de consulta para event / runQuery.do, como lo demuestra "SELECT 1; INSERT INTO ". Corregido en Build 11200.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-07-11 First Exploit
2015-09-28 CVE Reserved
2015-09-28 CVE Published
2024-04-22 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (8)

URL	Tag	Source
http://www.rapid7.com/db/modules/exploit/windows/misc/manageengine_eventlog_analyzer_rce	X_refsource_misc
https://seclists.org/fulldisclosure/2015/Sep/59

URL	Date	SRC
https://www.exploit-db.com/exploits/38173	2024-08-06
https://www.exploit-db.com/exploits/38352	2024-08-06
http://packetstormsecurity.com/files/133581/ManageEngine-EventLog-Analyzer-10.6-Build-10060-SQL-Query-Execution.html	2024-08-06
http://packetstormsecurity.com/files/133747/ManageEngine-EventLog-Analyzer-Remote-Code-Execution.html	2024-08-06
http://seclists.org/fulldisclosure/2015/Sep/59	2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/manageengine_eventlog_analyzer_rce.rb	2015-07-11

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zohocorp Search vendor "Zohocorp"		Manageengine Eventlog Analyzer Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer"				<= 10.6 Search vendor "Zohocorp" for product "Manageengine Eventlog Analyzer" and version " <= 10.6"		-		Affected