Unrated severityNVD Advisory· Published Jun 9, 2015· Updated May 6, 2026

CVE-2015-2959

Description

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.

Affected products

Zohocorp/Manageengine Netflow Analyzer
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250nvdPatchVendor Advisory
jvn.jp/en/jp/JVN25598413/index.htmlnvdVendor Advisory
jvndb.jvn.jp/jvndb/JVNDB-2015-000075nvdVendor Advisory
www.securityfocus.com/bid/75065nvd
www.securitytracker.com/id/1032516nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000