Vulnerability Details CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.049
EPSS Ranking 89.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/75068
- http://www.securitytracker.com/id/1032516
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
- http://www.securityfocus.com/bid/75068
- http://www.securitytracker.com/id/1032516
- https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250
Products affected by CVE-2015-4418
-
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-