Manageengine Netflow Analyzer
Sign in to watchby Zohocorp
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-5445 | 0.10 | — | 0.91 | Dec 4, 2014 | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | ||
| CVE-2014-5446 | 0.08 | — | 0.66 | Dec 4, 2014 | Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | ||
| CVE-2015-4418 | 0.00 | — | 0.05 | Jun 9, 2015 | Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||
| CVE-2015-2961 | 0.00 | — | 0.00 | Jun 9, 2015 | Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. | ||
| CVE-2015-2960 | 0.00 | — | 0.00 | Jun 9, 2015 | Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-2959 | 0.00 | — | 0.01 | Jun 9, 2015 | Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. |