3 matches found
ManageEngine EventLog Analyzer 'agentHandler' Information Disclosure
The EventLog Analyzer version installed on the remote web server is affected by multiple information disclosure vulnerabilities : - A flaw exists in the 'agentHandler' servlet that allows a remote attacker to retrieve user names and password hashes and other sensitive information. CVE-2014-6038 -...
ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)
An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data and an input validation error in the agentHandler servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose...
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First th...