470 matches found
ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authenticati...
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
Design/Logic Flaw
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
Remote code execution
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
CVE-2022-36923
CVE-2022-36923 affects Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils) with an authentication bypass that allows an unauthenticated attacker to retrieve a user’s API key and use external APIs. T...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
PT-2022-23689 · Zoho · Netflow Analyzer +6
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...
多款ZOHO ManageEngine产品安全漏洞
ZOHO ManageEngine OpManager and others are products of ZOHO India.ZOHO ManageEngine OpManager is a suite of network, server and virtualization monitoring software.ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager Pl...
CVE-2022-37024
Summary (CVE-2022-37024) : Multiple Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, OpUtils) prior to 2022-07-29 are affected by a remote code execution flaw. The root cause is insufficient input validation in the getDNSResolv...
Zoho ManageEngine Netflow Analyzer Professional跨站脚本漏洞
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine Netflow Analyzer Professional version 7.0.0.2, which stems from the lack of proper validation of client-side data by the web application and...
Denial Of Service (DoS)
kernel is vulnerable to denial of service attacks. A user with root access is able to panic the system when issuing netfilter netflow commands...
kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
A flaw was found in the Linux kernel netfilter implementation. A user with root CAPSYSADMIN access is able to panic the system when issuing netfilter netflow commands...
Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2021-88241)
ZOHO ManageEngine OpManager is an end-to-end integrated network management software that enables comprehensive, visual, unified and centralized monitoring and management of IT infrastructure, including network devices, servers, hosts, WAN links, applications and services, within an enterprise...
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...
Sql injection
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...
CVE-2021-41075
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API...
CVE-2021-41075
The CVE-2021-41075 affects Zoho ManageEngine OpManager’s NetFlow Analyzer prior to build 125455. The vulnerability is a SQL Injection in the Attacks Module API, enabling an attacker to execute arbitrary SQL commands. The issue is confirmed across multiple sources (including Red Hat and CNVD) and ...