ManageEngine EventLog Analyzer 'agentHandler' Information Disclosure

medium Nessus Plugin ID 81402

Synopsis

The remote web server hosts an application that is affected by multiple information disclosure vulnerabilities.

Description

The EventLog Analyzer version installed on the remote web server is affected by multiple information disclosure vulnerabilities :

- A flaw exists in the 'agentHandler' servlet that allows a remote attacker to retrieve user names and password hashes and other sensitive information. (CVE-2014-6038)

- A flaw exists in the 'hostdetails' servlet that allows a remote attacker to retrieve user names and passwords for systems managed by EventLog Analyzer. (CVE-2014-6039)

Note that Nessus only checked for the flaw outlined by CVE-2014-6038;
however, it is highly likely that the version is also affected by the flaw outlined in CVE-2014-6039.

Solution

Upgrade to version 10 or later.

See Also

https://www.manageengine.com/products/eventlog/

https://seclists.org/bugtraq/2014/Nov/32

Plugin Details

Severity: Medium

ID: 81402

File Name: manageengine_eventlog_analyzer_CVE-2014-6038.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2/18/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_eventlog_analyzer

Required KB Items: installed_sw/ManageEngine EventLog Analyzer

Exploit Ease: No known exploits are available

Patch Publication Date: 1/23/2015

Vulnerability Publication Date: 11/5/2014

Reference Information

CVE: CVE-2014-6038, CVE-2014-6039

BID: 70959, 70960