CVE-2015-2959

Zoho NetFlow Analyzer <10250 - Info Disclosure

Title source: llm

Description

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032516

Vendor Advisory third-party-advisory x_refsource_jvn

http://jvn.jp/en/jp/JVN25598413/index.html

Vendor Advisory third-party-advisory x_refsource_jvndb

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000075

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/75065

Patch, Vendor Advisory x_refsource_confirm

https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

Scores

EPSS 0.0082

EPSS Percentile 74.7%

Details

CWE

CWE-284

Status published

Products (1)

zohocorp/manageengine_netflow_analyzer

Published Jun 09, 2015

Tracked Since Feb 18, 2026