Summary
ManageEngine EventLog Analyzer is prone to an information disclosure vulnerability.
Impact
Exploiting this issue could allow an attacker read usernames and passwords.
Solution
Ask the Vendor for an update.
Affected
all versions from v7 to v9.9 build 9002.
Detection
Send a HTTP GET request and check the response.
Severity
Classification
-
CVE CVE-2014-6038, CVE-2014-6039 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities