CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9371

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile24.29th
PublishedDec 16, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

Affected Platforms (CPE)

📦
Zohocorp

Manageengine Desktop Central

<= 9.0

References & Advisories

🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-420/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-14-420/

Related Vulnerabilities

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...

CVE-2020-85409.8

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauth...

CVE-2020-101899.8

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in get...

CVE-2020-155889.8

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trig...