CVE-2019-8925 – An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Abs …

Vuln ID: CVE-2019-8925

Published:  2019-05-17  02:29:00Z

Description: An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:boot.ini value.

Source: NVD.NIST.GOV

 

Tags