Access Control Flaw in ZOHO ManageEngine EventLog Analyzer
CVE-2014-6043

Currently unrated

Key Information:

Vendor

Zohocorp
Status
Manageengine Eventlog Analyzer
Vendor
CVE Published:
11 September 2014

What is CVE-2014-6043?

The ManageEngine EventLog Analyzer versions 9.0 build 9002 and 8.2 build 8020 are susceptible to an improper access control vulnerability that permits remote authenticated users to bypass security measures and access the database directly through a specific endpoint. The flaw occurs due to insufficient restrictions in the database browser functionality, which can lead to unauthorized manipulation or retrieval of sensitive information. This issue has been addressed in Build 10000.

References

http://packetstormsecurity.com/files/128102/ManageEngine-...
x_refsource_MISC
http://www.exploit-db.com/exploits/34519
exploitx_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2014/Aug/86
mailing-listx_refsource_FULLDISC

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.