ManageEngine Netflow Analyzer Professional

CVEs (12)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2018-12997	Zoho ManageEngine Netflow Analyzer Professional	Hig	0.49	7.5	0.07	Jun 29, 2018	Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers…
CVE-2018-12998	Zoho OpManager	Med	0.48	6.1	0.98	Jun 29, 2018	A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote…
CVE-2018-10803	Zoho ManageEngine Netflow Analyzer Professional	Med	0.40	6.1	0.01	May 10, 2018	Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through…
CVE-2014-5446	Zoho IT360		0.07	—	0.55	Dec 4, 2014	Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2022-37024	Manageengine Opmanager		0.04	—	0.78	Aug 9, 2022	Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code…
CVE-2019-8929	Zoho ManageEngine Netflow Analyzer Professional		0.03	—	0.11	May 17, 2019	An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
CVE-2019-8928	Zoho ManageEngine Netflow Analyzer Professional		0.03	—	0.06	May 17, 2019	An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
CVE-2019-7427	Zoho ManageEngine Netflow Analyzer Professional		0.00	—	0.03	May 7, 2019	XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
CVE-2019-7426	Zoho ManageEngine Netflow Analyzer Professional		0.00	—	0.03	May 7, 2019	XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
CVE-2019-7424	Zoho ManageEngine Netflow Analyzer Professional		0.00	—	0.03	Mar 17, 2019	XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is…
CVE-2019-7423	Zoho ManageEngine Netflow Analyzer Professional		0.00	—	0.03	Mar 17, 2019	XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
CVE-2019-7422	Zoho ManageEngine Netflow Analyzer Professional		0.00	—	0.03	Mar 17, 2019	XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.

CVE-2018-12997HigJun 29, 2018
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.49cvss 7.5epss 0.07
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers…
CVE-2018-12998MedJun 29, 2018
Zoho
OpManager
risk 0.48cvss 6.1epss 0.98
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote…
CVE-2018-10803MedMay 10, 2018
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through…
CVE-2014-5446Dec 4, 2014
Zoho
IT360
risk 0.07cvss —epss 0.55
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2022-37024Aug 9, 2022
Manageengine
Opmanager
risk 0.04cvss —epss 0.78
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code…
CVE-2019-8929May 17, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.03cvss —epss 0.11
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
CVE-2019-8928May 17, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.03cvss —epss 0.06
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
CVE-2019-7427May 7, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.00cvss —epss 0.03
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
CVE-2019-7426May 7, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.00cvss —epss 0.03
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
CVE-2019-7424Mar 17, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.00cvss —epss 0.03
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is…
CVE-2019-7423Mar 17, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.00cvss —epss 0.03
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
CVE-2019-7422Mar 17, 2019
Zoho
ManageEngine Netflow Analyzer Professional
risk 0.00cvss —epss 0.03
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.