Webnms Framework Security Vulnerabilities and Issues — Webnms Framework CVE List

Lucene search

ZohocorpWebnms Framework

4 matches found

CVE•added 2017/01/23 9:59 p.m.•109 views

CVE-2016-6601

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

7.5CVSS8.2AI score0.9278EPSS

CVE•added 2017/01/23 9:59 p.m.•51 views

CVE-2016-6600

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

9.8CVSS9.5AI score0.90636EPSS

CVE•added 2017/01/23 9:59 p.m.•49 views

CVE-2016-6602

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

9.8CVSS8.3AI score0.9278EPSS

CVE•added 2017/01/23 9:59 p.m.•46 views

CVE-2016-6603

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.

9.8CVSS9.6AI score0.85558EPSS