Lucene search

K

MitreCVELIST:CVE-2014-6043

HistorySep 11, 2014 - 3:00 p.m.

CVE-2014-6043

2014-09-1115:00:00

mitre

www.cve.org

5

AI Score

6.2

Confidence

Low

EPSS

0.013

Percentile

86.2%

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

References

packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html

seclists.org/fulldisclosure/2014/Aug/86

seclists.org/fulldisclosure/2014/Sep/19

www.exploit-db.com/exploits/34519

www.securityfocus.com/bid/69482

www.mogwaisecurity.de/advisories/MSA-2014-01.txt

AI Score

6.2

Confidence

Low

EPSS

0.013

Percentile

86.2%

Related for CVELIST:CVE-2014-6043

prion1 nvd1 cve1 exploitdb1