What is the severity of CVE-2015-2959?

CVE-2015-2959 is rated as a high severity vulnerability due to its potential to allow unauthorized access to sensitive information.

How do I fix CVE-2015-2959?

To fix CVE-2015-2959, upgrade to the latest version of Zoho NetFlow Analyzer that includes proper administrative authorization checks.

What types of attacks are possible with CVE-2015-2959?

With CVE-2015-2959, attackers can gain unauthorized access to sensitive information, modify account passwords, or remove user accounts.

Which versions of Zoho NetFlow Analyzer are affected by CVE-2015-2959?

CVE-2015-2959 affects versions of Zoho NetFlow Analyzer build 10250 and earlier.

Who can be affected by the CVE-2015-2959 vulnerability?

Organizations using vulnerable versions of Zoho NetFlow Analyzer may be at risk from exploitation by remote attackers.

Vulnerability/
CVE-2015-2959

high

7.5

CWE

284

9/6/2015

6/8/2024

CVE-2015-2959

First published: Tue Jun 09 2015(Updated: )

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Zoho ManageEngine NetFlow Analyzer

Remedy

https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerability-fix-for-fails-to-restrict-access-permissions-cross-site-scripting-cross-site-request-forgery-over-build-10250

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-2959?
CVE-2015-2959 is rated as a high severity vulnerability due to its potential to allow unauthorized access to sensitive information.
How do I fix CVE-2015-2959?
To fix CVE-2015-2959, upgrade to the latest version of Zoho NetFlow Analyzer that includes proper administrative authorization checks.
What types of attacks are possible with CVE-2015-2959?
With CVE-2015-2959, attackers can gain unauthorized access to sensitive information, modify account passwords, or remove user accounts.
Which versions of Zoho NetFlow Analyzer are affected by CVE-2015-2959?
CVE-2015-2959 affects versions of Zoho NetFlow Analyzer build 10250 and earlier.
Who can be affected by the CVE-2015-2959 vulnerability?
Organizations using vulnerable versions of Zoho NetFlow Analyzer may be at risk from exploitation by remote attackers.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/references
agent/remedy
agent/severity
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/zohocorp
canonical/zoho manageengine netflow analyzer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.