Lucene search

JpcertCVE-2015-2961

HistoryJun 09, 2015 - 12:59 a.m.

CVE-2015-2961

2015-06-0900:59:03

CWE-352

jpcert

web.nvd.nist.gov

cve-2015-2961

cross-site request forgery

csrf

zoho netflow analyzer

authentication hijacking

remote attackers

vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.

Affected configurations

Nvd

Node

zohocorpmanageengine_netflow_analyzerMatch-

VendorProductVersionCPE
zohocorpmanageengine_netflow_analyzer-cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_netflow_analyzer	-	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:::::::*

References

jvn.jp/en/jp/JVN79284156/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000076

www.securityfocus.com/bid/75067

www.securitytracker.com/id/1032516

support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

Related for CVE-2015-2961