Lucene search

MitreCVE-2015-4418

HistoryJun 09, 2015 - 12:59 a.m.

CVE-2015-4418

2015-06-0900:59:04

CWE-284

mitre

web.nvd.nist.gov

cve-2015-4418

zoho netflow analyzer

build 10250

security vulnerability

remote attackers

unauthorized access

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.0%

JSON

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

Nvd

Node

zohocorpmanageengine_netflow_analyzerMatch-

VendorProductVersionCPE
zohocorpmanageengine_netflow_analyzer-cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_netflow_analyzer	-	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:::::::*

References

www.securityfocus.com/bid/75068

www.securitytracker.com/id/1032516

support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.004

Percentile

74.0%

JSON

Related for CVE-2015-4418