6.5

CVE-2014-6043

Exploit

EPSS 5.8%
Published 11.09.2014 15:55:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Eventlog Analyzer Version8.2 Update8020

Zohocorp ≫ Manageengine Eventlog Analyzer Version9.0 Update9002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.8%	0.895

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html

Exploit

http://seclists.org/fulldisclosure/2014/Aug/86

US Government Resource

Exploit

http://seclists.org/fulldisclosure/2014/Sep/19

Exploit

http://www.exploit-db.com/exploits/34519

Exploit

http://www.securityfocus.com/bid/69482

Exploit

https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2014-6043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6043

EUVD