Vulnerabilities > Zohocorp > Manageengine Netflow Analyzer > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
2019-06-18 | CVE-2019-12133 | Uncontrolled Search Path Element vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.2 |
2019-06-05 | CVE-2019-12196 | SQL Injection vulnerability in Zohocorp Manageengine Netflow Analyzer 12.3 A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter. | 7.5 |
2018-06-29 | CVE-2018-12997 | Information Exposure vulnerability in Zohocorp products Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | 7.5 |
2015-06-09 | CVE-2015-2959 | Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. | 7.5 |