Vulnerability Details | |
---|---|
Impact | CVSS V3 rating: 10 (Critical) |
Reported | 18 Mar 2019 |
Fixed | 21 Mar 2019 |
Affected Builds | Up to Build 123322 |
Fixed in | Build 123323 |
Overview | Path traversal vulnerability |
Recommended Fix | Upgrade to NetFlow Analyzer Version 12.3.323 or above. |
An issue was discovered in Zoho ManageEngine NetFlow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
We recommend that you upgrade to NetFlow Analyzer version 12.3.323 or above to fix this issue.
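For reviewing web access logs from builds that were exposed before the upgrade, the following is an added example (not ManageEngine code) that flags requests to the servlet named above whose schFilePath value is an absolute path or contains a `..` segment, which goes slightly beyond the absolute-path case described. The combined log format, the sample log lines, and the premise that legitimate schFilePath values are plain relative file names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

SERVLET = "/netflow/servlet/CReportPDFServlet"  # endpoint named in the advisory
PARAM = "schFilePath"                           # parameter named in the advisory

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Absolute-path shapes: Windows drive (C:\ or C:/), UNC (\\host), POSIX root (/).
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:[\\/]|\\\\|/)')


def suspicious_sch_file_paths(line):
    """Return decoded schFilePath values in one log line that are absolute or contain '..'."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path != SERVLET:
        return []
    hits = []
    # parse_qs percent-decodes each value once, so C%3A%5Cboot.ini becomes C:\boot.ini.
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        segments = re.split(r'[\\/]', value)
        if ABSOLUTE_RE.match(value) or ".." in segments:
            hits.append(value)
    return hits


def scan(lines):
    """Return (line_number, value) pairs for every suspicious schFilePath value."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_sch_file_paths(line)]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - admin [18/Mar/2019:10:01:02 +0000] "GET /netflow/servlet/'
    'CReportPDFServlet?schFilePath=C%3A%5Cboot.ini HTTP/1.1" 200 512',
    '10.0.0.7 - admin [18/Mar/2019:10:02:10 +0000] "GET /netflow/servlet/'
    'CReportPDFServlet?schFilePath=report_2019.pdf HTTP/1.1" 200 20480',
    '10.0.0.5 - admin [18/Mar/2019:10:03:44 +0000] "GET /netflow/index.jsp'
    '?schFilePath=C%3A%5Cboot.ini HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {PARAM}={value!r}")
```

Access logs normally record only the query string, so a schFilePath value sent in a POST body will not be visible to this check.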
Source and Acknowledgements
Find out more about CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928 and CVE-2019-8929 from the CVE dictionary.
For clarification or corrections, please contact our support team or email us at netflowanalyzer-support@manageengine.com.