6.5

CVE-2014-6043

Exploit

EPSS 5.8%
Veröffentlicht 11.09.2014 15:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Eventlog Analyzer Version8.2 Update8020

Zohocorp ≫ Manageengine Eventlog Analyzer Version9.0 Update9002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.8%	0.895

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html

Exploit

http://seclists.org/fulldisclosure/2014/Aug/86

US Government Resource

Exploit

http://seclists.org/fulldisclosure/2014/Sep/19

Exploit

http://www.exploit-db.com/exploits/34519

Exploit

http://www.securityfocus.com/bid/69482

Exploit

https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2014-6043

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6043

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6043

EUVD