Cross-Site Request Forgery Vulnerability in Zoho NetFlow Analyzer
CVE-2015-2961

Currently unrated

Key Information:

Vendor: Zohocorp
Status: Manageengine Netflow Analyzer
Vendor: CVE Published:; 9 June 2015

What is CVE-2015-2961?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Zoho NetFlow Analyzer that could allow remote attackers to exploit the flaw and hijack the authentication sessions of administrators. This security issue is particularly dangerous as it can be used to execute unauthorized actions on behalf of the admin user without their consent. Administrators are advised to upgrade to the latest version of the product to mitigate this risk and ensure the security of their network traffic monitoring.

References

http://jvn.jp/en/jp/JVN79284156/index.html

third-party-advisoryx_refsource_JVN

http://www.securitytracker.com/id/1032516

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/75067

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2015
Vulnerability Reserved
Apr 7, 2015

Zohocorp

What is CVE-2015-2961?

References

Timeline