Vulnerability in Zohocorp Manageengine_netflow_analyzer

CVE-2015-2959

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.

EPSS: 0.008 (74.8th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_netflow_analyzer
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

1032516 (vdb-entry, x_refsource_SECTRACK)
JVN#25598413 (x_refsource_JVN, third-party-advisory, Vendor Advisory)
JVNDB-2015-000075 (x_refsource_JVNDB, third-party-advisory, Vendor Advisory)
75065 (vdb-entry, x_refsource_BID)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Vendor Advisory)