Vulnerability in Zohocorp Manageengine_netflow_analyzer

CVE-2015-4418

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

EPSS: 0.049 (89.8th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_netflow_analyzer
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

1032516 (vdb-entry, x_refsource_SECTRACK)
75068 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)