Skip to main content

Manageengine Netflow Analyzer

28 CVEs product

Monthly

CVE-2023-47211 CRITICAL POC THREAT Emergency

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Path Traversal Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
9.1
EPSS
81.6%
Threat
5.8
CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-38772 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
8.8
EPSS
77.6%
CVE-2022-37024 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
8.8
EPSS
78.3%
CVE-2022-36923 HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2022-35404 HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager Manageengine Network Configuration Manager Manageengine Netflow Analyzer +1
NVD
CVSS 3.1
8.2
EPSS
3.8%
CVE-2019-12133 HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus Manageengine Browser Security Plus Manageengine Desktop Central +15
NVD GitHub
CVSS 3.0
7.8
EPSS
1.8%
CVE-2019-12196 CRITICAL Act Now

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
9.8
EPSS
69.1%
CVE-2019-8929 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
11.2%
CVE-2019-8928 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8927 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8926 MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.3%
CVE-2019-8925 MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
11.8%
CVE-2019-7427 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-7426 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2019-7425 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2019-7424 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7423 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-7422 MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-12998 MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
6.1
EPSS
98.5%
CVE-2018-12997 HIGH POC This Week

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2018-10803 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF XSS Manageengine Netflow Analyzer
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-4418 MEDIUM This Month

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
CVSS 2.0
5.0
EPSS
4.9%
CVE-2015-2961 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Zoho CSRF Manageengine Netflow Analyzer
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-2960 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Zoho XSS Manageengine Netflow Analyzer
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2959 HIGH PATCH This Week

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-5446 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Path Traversal Zoho Manageengine It360 Manageengine Netflow Analyzer
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
65.7%
Threat
4.5
CVE-2014-5445 MEDIUM POC THREAT This Month

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.0%.

Path Traversal Zoho Manageengine It360 Manageengine Netflow Analyzer
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
91.0%
Threat
5.2
EPSS 82% 5.8 CVSS 9.1
CRITICAL POC THREAT Emergency

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Path Traversal Manageengine Firewall Analyzer Manageengine Netflow Analyzer +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus +38
NVD
EPSS 78% CVSS 8.8
HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer +5
NVD
EPSS 78% CVSS 8.8
HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 4% CVSS 8.2
HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Analytics Plus +17
NVD GitHub
EPSS 69% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Netflow Analyzer
NVD
EPSS 11% CVSS 6.1
MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 12% CVSS 4.3
MEDIUM POC THREAT This Month

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zoho Manageengine Netflow Analyzer
NVD Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoho Manageengine Netflow Analyzer
NVD
EPSS 98% CVSS 6.1
MEDIUM POC THREAT This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Firewall Analyzer +4
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC This Week

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Firewall Analyzer +4
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF XSS +1
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Zoho CSRF Manageengine Netflow Analyzer
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Zoho XSS Manageengine Netflow Analyzer
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Zoho Authentication Bypass Manageengine Netflow Analyzer
NVD
EPSS 66% 4.5 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Path Traversal Zoho Manageengine It360 +1
NVD Exploit-DB
EPSS 91% 5.2 CVSS 5.0
MEDIUM POC THREAT This Month

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.0%.

Path Traversal Zoho Manageengine It360 +1
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy