NetFlow Analyzer Vulnerability (CVE-2015-4418)
NetFlow Analyzer Vulnerability (CVE-2015-4418)
Release date:
Updated on:
Affected Systems:
ManageEngine Netflow Analyzer <= build 10250
Description:
Bugtraq id: 75068
CVE (CAN) ID: CVE-2015-4418
NetFlow Analyzer is a Web-based broadband monitoring and traffic analysis tool.
The password field of Zoho NetFlow Analyzer build 10250 and earlier does not have the off autocomplete attribute, which allows remote attackers to exploit this vulnerability to gain access permissions through unattended workstations.
<* Source: vendor
*>
Suggestion:
Vendor patch:
ManageEngine
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19gp14fd1lvl1jks1r821n5t160j1/CSRF_Fix.zip
This article permanently updates the link address: