Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6043

CWE-2644 documents4 sources

Severity

6.5MEDIUM

EPSS

5.8%

top 9.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Eventlog Analyzer

Timeline

PublishedSep 11

Latest updateMay 13

Description

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDzohocorp/manageengine_eventlog_analyzer8.2, 9.0+1

🔴Vulnerability Details

GHSA

GHSA-r5w4-8j3p-5wm3: ZOHO ManageEngine EventLog Analyzer 9↗2022-05-13

▶

CVEList

CVE-2014-6043: ZOHO ManageEngine EventLog Analyzer 9↗2014-09-11

▶

💥Exploits & PoCs

Exploit-DB

ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)↗2014-09-01

▶