Описание
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-2959
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
- http://jvn.jp/en/jp/JVN25598413/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075
- http://www.securityfocus.com/bid/75065
- http://www.securitytracker.com/id/1032516
Связанные уязвимости
nvd
больше 10 лет назад
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.