Описание
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
Ссылки
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00824
Низкий
7.5 High
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
EPSS
Процентиль: 74%
0.00824
Низкий
7.5 High
CVSS2
Дефекты
CWE-284