VYPR

Manageengine Netflow Analyzer

by Zohocorp

CVEs (8)

  • CVE-2025-9226MedJan 30, 2026
    risk 0.30cvss 4.6epss 0.00

    Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.

  • CVE-2025-41437MedJun 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

  • CVE-2014-5446Dec 4, 2014
    risk 0.07cvss epss 0.55

    Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

  • CVE-2014-5445Dec 4, 2014
    risk 0.04cvss epss 0.98

    Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2)…

  • CVE-2015-4418Jun 9, 2015
    risk 0.00cvss epss 0.03

    Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

  • CVE-2015-2961Jun 9, 2015
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.

  • CVE-2015-2960Jun 9, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-2959Jun 9, 2015
    risk 0.00cvss epss 0.03

    Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.