VIR Vulnerability Intelligence Relay

CVE-2014-9371

critical
Published 2014-12-16 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
zohocorpmanageengine_desktop_central{"endIncluding":"9.0"}

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.