11 vulnerabilities by Zoho Corporation
JVNDB-2019-000030
Vulnerability from jvndb - Published: 2019-05-31 13:51 - Updated: 2019-10-01 10:54
Summary
Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"
Details
WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2019-5962
* Cross-site Request Forgery (CWE-352) - CVE-2019-5963
Kouhei Ikeda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported these vulnerabilities to the developer and coordinated on his own.
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000030.html",
"dc:date": "2019-10-01T10:54+09:00",
"dcterms:issued": "2019-05-31T13:51+09:00",
"dcterms:modified": "2019-10-01T10:54+09:00",
"description": "WordPress Plugin \"Zoho SalesIQ\" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below.\r\n* Cross-site Scripting (CWE-79) - CVE-2019-5962 \r\n* Cross-site Request Forgery (CWE-352) - CVE-2019-5963 \r\n\r\nKouhei Ikeda of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities to the developer and coordinated on his own.\r\nAfter coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000030.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:salesiq",
"@product": "Zoho SalesIQ",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88962935/index.html",
"@id": "JVN#88962935",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5962",
"@id": "CVE-2019-5962",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5963",
"@id": "CVE-2019-5963",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5962",
"@id": "CVE-2019-5962",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5963",
"@id": "CVE-2019-5963",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in WordPress Plugin \"Zoho SalesIQ\""
}
JVNDB-2016-002331
Vulnerability from jvndb - Published: 2016-12-05 15:02 - Updated: 2016-12-05 15:02
Summary
ManageEngine Password Manager Pro fails to restrict access permissions
Details
ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002331.html",
"dc:date": "2016-12-05T15:02+09:00",
"dcterms:issued": "2016-12-05T15:02+09:00",
"dcterms:modified": "2016-12-05T15:02+09:00",
"description": "ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002331.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_password_manager_pro",
"@product": "ManageEngine Password Manager Pro",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-002331",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90405898/index.html",
"@id": "JVNVU#90405898",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1159",
"@id": "CVE-2016-1159",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1159#vulnConfigurationsArea",
"@id": "CVE-2016-1159",
"@source": "NVD"
},
{
"#text": "http://excellium-services.com/en/cert-xlm-advisory/cve-2016-1159/",
"@id": "Excellium Services (CVE-2016-1159)",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "ManageEngine Password Manager Pro fails to restrict access permissions"
}
JVNDB-2016-003380
Vulnerability from jvndb - Published: 2016-12-05 14:32 - Updated: 2017-05-23 16:23
Summary
ManageEngine Password Manager Pro vulnerable to cross-site request forgery
Details
ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability.
ManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352).
CWE-352: Cross-Site Request Forgery (CSRF)
https://cwe.mitre.org/data/definitions/352.html
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003380.html",
"dc:date": "2017-05-23T16:23+09:00",
"dcterms:issued": "2016-12-05T14:32+09:00",
"dcterms:modified": "2017-05-23T16:23+09:00",
"description": "ManageEngine Password Manager Pro contains a cross-site request forgery vulnerability.\r\n\r\nManageEngine Password Manager Pro provided by Zoho Corporation contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nCWE-352: Cross-Site Request Forgery (CSRF)\r\nhttps://cwe.mitre.org/data/definitions/352.html",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-003380.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_password_manager_pro",
"@product": "ManageEngine Password Manager Pro",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-003380",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU95113461/index.html",
"@id": "JVNVU#95113461",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1161",
"@id": "CVE-2016-1161",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1161",
"@id": "CVE-2016-1161",
"@source": "NVD"
},
{
"#text": "http://excellium-services.com/en/cert-xlm-advisory/cve-2016-1161/",
"@id": "CVE-2016-1161 - Abstract Advisory Information",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "ManageEngine Password Manager Pro vulnerable to cross-site request forgery"
}
JVNDB-2016-000171
Vulnerability from jvndb - Published: 2016-09-29 14:39 - Updated: 2017-05-23 14:28
Summary
ManageEngine ServiceDesk Plus uses an insecure method for cookie generation
Details
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html",
"dc:date": "2017-05-23T14:28+09:00",
"dcterms:issued": "2016-09-29T14:39+09:00",
"dcterms:modified": "2017-05-23T14:28+09:00",
"description": "ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies.\r\n\r\nAkihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000171.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_servicedesk_plus",
"@product": "ManageEngine ServiceDesk Plus",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.7",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000171",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN72559412/index.html",
"@id": "JVN#72559412",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4890",
"@id": "CVE-2016-4890",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4890",
"@id": "CVE-2016-4890",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ManageEngine ServiceDesk Plus uses an insecure method for cookie generation"
}
JVNDB-2016-000170
Vulnerability from jvndb - Published: 2016-09-29 14:39 - Updated: 2017-05-23 14:28
Summary
ManageEngine ServiceDesk Plus fails to restrict access permissions
Details
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.html",
"dc:date": "2017-05-23T14:28+09:00",
"dcterms:issued": "2016-09-29T14:39+09:00",
"dcterms:modified": "2017-05-23T14:28+09:00",
"description": "ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions.\r\n\r\nAkihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000170.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_servicedesk_plus",
"@product": "ManageEngine ServiceDesk Plus",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000170",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN89726415/index.html",
"@id": "JVN#89726415",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4889",
"@id": "CVE-2016-4889",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4889",
"@id": "CVE-2016-4889",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "ManageEngine ServiceDesk Plus fails to restrict access permissions"
}
JVNDB-2016-000169
Vulnerability from jvndb - Published: 2016-09-29 14:39 - Updated: 2017-05-23 14:28
Summary
ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
Details
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting (CWE-79) vulnerability.
Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000169.html",
"dc:date": "2017-05-23T14:28+09:00",
"dcterms:issued": "2016-09-29T14:39+09:00",
"dcterms:modified": "2017-05-23T14:28+09:00",
"description": "ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting (CWE-79) vulnerability.\r\n\r\nAkihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000169.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_servicedesk_plus",
"@product": "ManageEngine ServiceDesk Plus",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000169",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50347324/index.html",
"@id": "JVN#50347324",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4888",
"@id": "CVE-2016-4888",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4888",
"@id": "CVE-2016-4888",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "ManageEngine ServiceDesk Plus vulnerable to cross-site scripting"
}
JVNDB-2015-000186
Vulnerability from jvndb - Published: 2015-11-27 13:29 - Updated: 2018-01-24 12:12
Summary
ManageEngine Firewall Analyzer fails to restrict access permissions
Details
ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted.
Mukai Akihito, Hasegawa Tomoshige reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000186.html",
"dc:date": "2018-01-24T12:12+09:00",
"dcterms:issued": "2015-11-27T13:29+09:00",
"dcterms:modified": "2018-01-24T12:12+09:00",
"description": "ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted.\r\n\r\nMukai Akihito, Hasegawa Tomoshige reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000186.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_firewall_analyzer",
"@product": "ManageEngine Firewall Analyzer",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000186",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN12991684/index.html",
"@id": "JVN#12991684",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7781",
"@id": "CVE-2015-7781",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-7781",
"@id": "CVE-2015-7781",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "ManageEngine Firewall Analyzer fails to restrict access permissions"
}
JVNDB-2015-000185
Vulnerability from jvndb - Published: 2015-11-27 13:28 - Updated: 2018-01-24 12:05
Summary
ManageEngine Firewall Analyzer vulnerable to directory traversal
Details
ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability.
Mukai Akihito and Hasegawa Tomoshige reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000185.html",
"dc:date": "2018-01-24T12:05+09:00",
"dcterms:issued": "2015-11-27T13:28+09:00",
"dcterms:modified": "2018-01-24T12:05+09:00",
"description": "ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability.\r\n\r\nMukai Akihito and Hasegawa Tomoshige reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000185.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:manageengine_firewall_analyzer",
"@product": "ManageEngine Firewall Analyzer",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000185",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN21968837/index.html",
"@id": "JVN#21968837",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7780",
"@id": "CVE-2015-7780",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-7780",
"@id": "CVE-2015-7780",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "ManageEngine Firewall Analyzer vulnerable to directory traversal"
}
JVNDB-2015-000076
Vulnerability from jvndb - Published: 2015-06-05 14:14 - Updated: 2015-06-10 16:14
Summary
NetFlow Analyzer vulnerable to cross-site request forgery
Details
NetFlow Analyzer provided by Zoho Corporation contains a cross-site request forgery vulnerability.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000076.html",
"dc:date": "2015-06-10T16:14+09:00",
"dcterms:issued": "2015-06-05T14:14+09:00",
"dcterms:modified": "2015-06-10T16:14+09:00",
"description": "NetFlow Analyzer provided by Zoho Corporation contains a cross-site request forgery vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000076.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:netflow_analyzer",
"@product": "NetFlow Analyzer",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000076",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN79284156/index.html",
"@id": "JVN#79284156",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2961",
"@id": "CVE-2015-2961",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2961",
"@id": "CVE-2015-2961",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "NetFlow Analyzer vulnerable to cross-site request forgery"
}
JVNDB-2015-000075
Vulnerability from jvndb - Published: 2015-06-05 14:02 - Updated: 2015-06-10 16:10
Summary
NetFlow Analyzer fails to restrict access permissions
Details
NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions.
Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000075.html",
"dc:date": "2015-06-10T16:10+09:00",
"dcterms:issued": "2015-06-05T14:02+09:00",
"dcterms:modified": "2015-06-10T16:10+09:00",
"description": "NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions.\r\n\r\nTomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000075.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:netflow_analyzer",
"@product": "NetFlow Analyzer",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000075",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25598413/index.html",
"@id": "JVN#25598413",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2959",
"@id": "CVE-2015-2959",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2959",
"@id": "CVE-2015-2959",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "NetFlow Analyzer fails to restrict access permissions"
}
JVNDB-2015-000074
Vulnerability from jvndb - Published: 2015-06-05 13:59 - Updated: 2015-06-10 16:06
Summary
NetFlow Analyzer vulnerable to cross-site scripting
Details
NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability.
Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000074.html",
"dc:date": "2015-06-10T16:06+09:00",
"dcterms:issued": "2015-06-05T13:59+09:00",
"dcterms:modified": "2015-06-10T16:06+09:00",
"description": "NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability.\r\n\r\nTomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000074.html",
"sec:cpe": {
"#text": "cpe:/a:zohocorp:netflow_analyzer",
"@product": "NetFlow Analyzer",
"@vendor": "Zoho Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000074",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN98447310/index.html",
"@id": "JVN#98447310",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2960",
"@id": "CVE-2015-2960",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2960",
"@id": "CVE-2015-2960",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "NetFlow Analyzer vulnerable to cross-site scripting"
}