Vulnerability CVE-2015-2961

Vulnerability CVE-2015-2961

Published: 2015-06-08 Modified: 2015-06-09

Description:

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Zohocorp -> Manageengine netflow analyzer

References:

http://jvn.jp/en/jp/JVN79284156/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000076

http://www.securityfocus.com/bid/75067

http://www.securitytracker.com/id/1032516

https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

Vulnerability CVE-2015-2961

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

6.8/10

6.4/10

8.6/10

Remote

Medium

No required

Partial

Partial

Partial

Affected software

References: