Vulnerability Details CVE-2014-6038
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.838
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Nov/12
- http://www.securityfocus.com/bid/70959
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98540
- http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Nov/12
- http://www.securityfocus.com/bid/70959
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98540
Products affected by CVE-2014-6038
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.9