Vulnerability Description
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Netflow Analyzer | - |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN25598413/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075Vendor Advisory
- http://www.securityfocus.com/bid/75065
- http://www.securitytracker.com/id/1032516
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fPatchVendor Advisory
- http://jvn.jp/en/jp/JVN25598413/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075Vendor Advisory
- http://www.securityfocus.com/bid/75065
- http://www.securitytracker.com/id/1032516
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fPatchVendor Advisory
FAQ
What is CVE-2015-2959?
CVE-2015-2959 is a vulnerability with a CVSS score of 7.5 (HIGH). Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by le...
How severe is CVE-2015-2959?
CVE-2015-2959 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2959?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Netflow Analyzer.