Security Updates - CVE Database

CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928 and CVE-2019-8929

Path traversal vulnerability

Vulnerability Details
Impact: CVSS V3 rating: 10 (Critical)
Reported: 18 Mar 2019
Fixed: 21 Mar 2019
Affected Builds: Up to Build 123322
Fixed in: Build 123323
Overview: Path traversal vulnerability
Recommended Fix: Upgrade to NetFlow Analyzer Version 12.3.323 or above.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.

We recommend that you upgrade to NetFlow Analyzer version 12.3.323 or above to fix this issue.
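
For reviewing web access logs from builds that were exposed before the upgrade, the following is an added example (not ManageEngine code) that flags requests to the servlet named above whose schFilePath value is an absolute path; it also flags ".." segments, which goes beyond the absolute-path case in the description. The log format (Common/Combined Log Format) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Servlet path and parameter name are taken from the advisory text.
SERVLET = "/netflow/servlet/CReportPDFServlet"
PARAM = "schFilePath"

# Assumption: Common/Combined Log Format; only the quoted request line is used.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Absolute forms: Windows drive prefix, or a leading separator (root or UNC).
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:|[\\/])')
# A ".." path segment delimited by either separator.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - admin [20/Mar/2019:10:01:02 +0000] "GET /netflow/servlet/CReportPDFServlet?schFilePath=C%3A%5Cboot.ini HTTP/1.1" 200 512',
    '192.0.2.11 - admin [20/Mar/2019:10:02:10 +0000] "GET /netflow/servlet/CReportPDFServlet?schFilePath=weekly_report.pdf HTTP/1.1" 200 90311',
    '192.0.2.12 - admin [20/Mar/2019:10:03:44 +0000] "GET /netflow/servlet/CReportPDFServlet?schFilePath=..%2F..%2Fexample.txt HTTP/1.1" 200 734',
    '192.0.2.13 - - [20/Mar/2019:10:04:00 +0000] "GET /netflow/index.html HTTP/1.1" 200 1200',
]


def classify(value):
    """Return 'absolute', 'dotdot' or None for one decoded schFilePath value."""
    if ABSOLUTE_RE.match(value):
        return "absolute"
    if DOTDOT_RE.search(value):
        return "dotdot"
    return None


def scan(lines):
    """Yield (line_number, decoded_value, reason) for suspicious servlet requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        # Drop any ";jsessionid=..." path parameter before comparing.
        if url.path.split(";")[0].lower() != SERVLET.lower():
            continue
        # parse_qs percent-decodes values, so %3A and %5C forms are covered.
        for value in parse_qs(url.query).get(PARAM, []):
            reason = classify(value)
            if reason:
                yield number, value, reason


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a schFilePath value sent in a POST body will not appear here and needs request-body logging or a proxy capture to review.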

Source and Acknowledgements

Find out more about CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928 and CVE-2019-8929 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at netflowanalyzer-support@manageengine.com.