Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-6043

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

Published

2014-09-11T15:55:05.333

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_eventlog_analyzer	8.2	Yes
Application	zohocorp	manageengine_eventlog_analyzer	9.0	Yes

References

http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html Exploit ([email protected])
http://seclists.org/fulldisclosure/2014/Aug/86 Exploit, US Government Resource ([email protected])
http://seclists.org/fulldisclosure/2014/Sep/19 Exploit ([email protected])
http://www.exploit-db.com/exploits/34519 Exploit ([email protected])
http://www.securityfocus.com/bid/69482 Exploit ([email protected])
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt Exploit ([email protected])
http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2014/Aug/86 Exploit, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2014/Sep/19 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/34519 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/69482 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)