CVE-2014-6038

HIGH

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure

Title source: metasploit

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-6038. Includes Metasploit module auxiliary/gather/eventlog_cred_disclosure.

AI-analyzed exploit summary The document details two vulnerabilities in ManageEngine EventLog Analyzer: SQL database information disclosure (CVE-2014-6038) and Windows/AS/400 managed hosts Administrator credentials disclosure (CVE-2014-6039). It includes technical details, affected versions, and proof-of-concept URLs to exploit these vulnerabilities.

Description

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.

Exploits (2)

exploitdb WRITEUP

webappsmultiple

https://www.exploit-db.com/exploits/43893

View Code ZIP pw:eip

The document details two vulnerabilities in ManageEngine EventLog Analyzer: SQL database information disclosure (CVE-2014-6038) and Windows/AS/400 managed hosts Administrator credentials disclosure (CVE-2014-6039). It includes technical details, affected versions, and proof-of-concept URLs to exploit these vulnerabilities.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine EventLog Analyzer v7 to v9.9 build 9002

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK

T1592 - Gather Victim Host Information T1005 - Data from Local System

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/eventlog_cred_disclosure.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2014-6038 and CVE-2014-6039 to disclose administrator credentials from ManageEngine Eventlog Analyzer by abusing the agentHandler and hostdetails servlets. It retrieves host IDs and uses them to extract usernames and passwords, which are then decoded and reported.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine Eventlog Analyzer v7 to v9.9 b9002

No auth needed

Prerequisites: Network access to the target application · Eventlog Analyzer service running on port 8400

MITRE ATT&CK

T1552 - Unsecured Credentials T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/70959

VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/98540

Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2014/Nov/12

Scores

CVSS v3 7.5

EPSS 0.7276

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

zohocorp/manageengine_eventlog_analyzer 7.0 - 9.9

Published Jan 13, 2020

Tracked Since Feb 18, 2026