Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6038

CWE-200 — Information Exposure5 documents5 sources

Severity

7.5HIGH

EPSS

83.8%

top 0.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Eventlog Analyzer

Timeline

PublishedJan 13

Latest updateMay 17

Description

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDzohocorp/manageengine_eventlog_analyzer7.0 — 9.9

🔴Vulnerability Details

GHSA

GHSA-pm74-7m74-gxrf: Zoho ManageEngine EventLog Analyzer versions 7 through 9↗2022-05-17

▶

CVEList

CVE-2014-6038: Zoho ManageEngine EventLog Analyzer versions 7 through 9↗2020-01-13

▶

💥Exploits & PoCs

Exploit-DB

ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)↗2014-11-05

▶

Metasploit

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure↗

▶