CVE-2014-6039

HIGH

ManageEngine EventLog Analyzer 7-9.9 - Credentials Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6039. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary The document describes two vulnerabilities in ManageEngine EventLog Analyzer: SQL database information disclosure (CVE-2014-6038) and Windows/AS/400 managed hosts Administrator credentials disclosure (CVE-2014-6039). Both vulnerabilities allow unauthenticated access to sensitive data via simple GET requests.

Description

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.

Exploits (1)

exploitdb WRITEUP
by Pedro Ribeiro · textwebappsmultiple
https://www.exploit-db.com/exploits/43893

The document describes two vulnerabilities in ManageEngine EventLog Analyzer: SQL database information disclosure (CVE-2014-6038) and Windows/AS/400 managed hosts Administrator credentials disclosure (CVE-2014-6039). Both vulnerabilities allow unauthenticated access to sensitive data via simple GET requests.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ManageEngine EventLog Analyzer v7 to v9.9 build 9002
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2014/Nov/12
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/70960
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/98539

Scores

CVSS v3 7.5
EPSS 0.6878
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-522
Status published
Products (1)
zohocorp/manageengine_eventlog_analyzer 7.0 - 9.9
Published Jan 13, 2020
Tracked Since Feb 18, 2026