Zoho Corporation ManageEngine EventLog Analyzer 8.2 8020
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2:8020:*:*:*:*:*:*
part: a version: 8.2 update: 8020
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Eventlog Analyzer (09cabc01-6902-56c4-9f3e-6260aff74ad2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-6043 |
vulnerable | 2026-06-03 14:34:12.433799 |
Details available
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
Published: 2014-09-11T15:00:00.000Z
Updated: 2024-08-06T12:03:02.320Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-6037 |
vulnerable | 2026-06-03 14:34:12.411467 |
Details available
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Published: 2014-10-26T19:00:00.000Z
Updated: 2024-08-06T12:03:02.310Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.