Zohocorp Manageengine Netflow Analyzer vulnerabilities
23 known vulnerabilities affecting zohocorp/manageengine_netflow_analyzer.
Total CVEs
23
CISA KEV
0
Public exploits
9
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM16
Vulnerabilities
Page 2 of 2
CVE-2018-10803MEDIUMCVSS 6.1≥ 12.3, < 12.3.1252018-05-10
CVE-2018-10803 [MEDIUM] CWE-79 CVE-2018-10803: Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine N
Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.
nvd
CVE-2014-5446MEDIUMCVSS 5.0PoCv8.6v9.0+11 more2014-12-04
CVE-2014-5446 [MEDIUM] CWE-22 CVE-2014-5446: Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyz
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
nvd
CVE-2014-5445MEDIUMCVSS 5.0PoC≥ 8.6, ≤ 10.22014-12-04
CVE-2014-5445 [MEDIUM] CWE-22 CVE-2014-5445: Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 1
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
nvd
← Previous2 / 2