Security Updates - CVE Database

CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426 and CVE-2019-7427

Unauthenticated Remote Code Execution (RCE) vulnerability

Vulnerability Details
Impact CVSS V3 rating: 10 (Critical)
Reported 18 Mar 2019
Fixed 21 Mar 2019
Affected Builds Till Build 123322
Fixed in Build 123323
Overview Vulnerability in Cross Site Scripting
Recommended Fix Upgrade to NetFlow Analyzer Version 12.3.323 or above.

Description

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.

We recommend that you upgrade to NetFlow Analyzer version 12.3.323 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426 and CVE-2019-74273 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com