CVE-2015-2959
N/A
N/A
Summary
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1032516
- http://jvn.jp/en/jp/JVN25598413/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075
- http://www.securityfocus.com/bid/75065
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
References
- http://www.securitytracker.com/id/1032516
- http://jvn.jp/en/jp/JVN25598413/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075
- http://www.securityfocus.com/bid/75065
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.