ManageEngine EventLog Analyzer Multiple Security Vulnerabilities
BID:69482
CVE-2014-6037 | CVE-2014-6043
| Bugtraq ID: | 69482 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-6037 CVE-2014-6043 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 31 2014 12:00AM |
| Updated: | May 15 2015 02:15AM |
| Credit: | Andrea Micalizzi (rgod) |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
ManageEngine EventLog Analyzer is prone to an arbitrary file-upload vulnerability and an unauthorized-access vulnerability.
Attackers can exploit these issues to execute arbitrary code and gain unauthorized access to the critical sections of the application.
EventLog Analyzer 9.9 Build 9002 and prior are vulnerable.
Exploit / POC
An attacker can exploit this issue using a web browser or readily available tools.
The following example URI and exploit code are available:
http://www.example.com/event/runQuery.do
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- EventLog Analyzer Homepage (ManageEngine)