Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_eventlog_analyzer
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-08-29 | CVE-2014-4930 | Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11) eventCriteria, (12) q, (13) flushCache, or (14) product parameter. Fixed in Build 11072. | Manageengine_eventlog_analyzer | N/A | ||
| 2019-06-18 | CVE-2019-12133 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0,... | Manageengine_analytics_plus, Manageengine_browser_security_plus, Manageengine_desktop_central, Manageengine_eventlog_analyzer, Manageengine_firewall, Manageengine_key_manager_plus, Manageengine_mobile_device_manager_plus, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_o365_manager_plus, Manageengine_opmanager, Manageengine_oputils, Manageengine_password_manager_pro, Manageengine_patch_connect_plus, Manageengine_patch_manager_plus, Manageengine_servicedesk_plus, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus | 7.8 | ||
| 2018-03-15 | CVE-2018-8721 | Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen | Manageengine_eventlog_analyzer | 6.1 | ||
| 2018-03-13 | CVE-2018-7405 | Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Manageengine_eventlog_analyzer | 6.1 | ||
| 2018-07-02 | CVE-2018-10076 | An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | Manageengine_eventlog_analyzer | 6.1 | ||
| 2018-07-02 | CVE-2018-10075 | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | Manageengine_eventlog_analyzer | 6.1 | ||
| 2017-07-27 | CVE-2017-11687 | Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | Manageengine_eventlog_analyzer | 6.1 | ||
| 2017-07-27 | CVE-2017-11686 | Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | Manageengine_eventlog_analyzer | 6.1 | ||
| 2017-07-27 | CVE-2017-11685 | Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | Manageengine_eventlog_analyzer | 6.1 |