Vulnerability CVE-2015-4418

Vulnerability CVE-2015-4418

Published: 2015-06-08 Modified: 2015-06-09

Description:

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Zohocorp -> Manageengine netflow analyzer

References:

http://www.securityfocus.com/bid/75068

http://www.securitytracker.com/id/1032516

https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

Vulnerability CVE-2015-4418

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

5/10

2.9/10

10/10

Remote

Low

No required

None

Partial

None

Affected software

References: