Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Netflow Analyzer  Security Vulnerabilities
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVSS Score
6.1
EPSS Score
0.985
Published
2018-06-29
CVE-2018-10803
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
CVSS Score
6.1
EPSS Score
0.007
Published
2018-05-10
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVSS Score
5.0
EPSS Score
0.029
Published
2015-06-09
CVE-2015-2961
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
CVSS Score
6.8
EPSS Score
0.02
Published
2015-06-09
CVE-2015-2960
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.021
Published
2015-06-09
CVE-2015-2959
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
CVSS Score
7.5
EPSS Score
0.034
Published
2015-06-09
CVE-2014-5446
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
CVSS Score
5.0
EPSS Score
0.547
Published
2014-12-04
CVE-2014-5445
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
CVSS Score
5.0
EPSS Score
0.982
Published
2014-12-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved