CVE-2017-11686
Severity
6.1MEDIUM
EPSS
1.7%
top 17.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 27
Latest updateMay 17
Description
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7