CVE-2014-6043

Опубликовано: 11 сент. 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

Ссылки

http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html
Exploit
http://seclists.org/fulldisclosure/2014/Aug/86
Exploit
US Government Resource
http://seclists.org/fulldisclosure/2014/Sep/19
Exploit
http://www.exploit-db.com/exploits/34519
Exploit
http://www.securityfocus.com/bid/69482
Exploit
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt
Exploit
http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html
Exploit
http://seclists.org/fulldisclosure/2014/Aug/86
Exploit
US Government Resource
http://seclists.org/fulldisclosure/2014/Sep/19
Exploit
http://www.exploit-db.com/exploits/34519
Exploit
http://www.securityfocus.com/bid/69482
Exploit
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2:8020:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0:9002:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05802

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-r5w4-8j3p-5wm3

github

больше 3 лет назад