U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2014-5445

Change History

Initial CVE Analysis 12/04/2014 1:54:00 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:zohocorp:manageengine_it360:10.3:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.7:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.9:*:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*
          *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.2:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added CWE

								
							
							
						
CWE-22
Changed Reference Type
http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html No Types Assigned
http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html Advisory, Exploit, Patch
Changed Reference Type
http://seclists.org/fulldisclosure/2014/Dec/9 No Types Assigned
http://seclists.org/fulldisclosure/2014/Dec/9 Exploit
Changed Reference Type
http://www.securityfocus.com/archive/1/archive/1/534122/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/archive/1/534122/100/0/threaded Exploit
Changed Reference Type
http://www.securityfocus.com/archive/1/archive/1/534141/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/archive/1/534141/100/0/threaded Exploit
Changed Reference Type
http://www.securityfocus.com/bid/71404 No Types Assigned
http://www.securityfocus.com/bid/71404 Exploit
Changed Reference Type
https://github.com/rapid7/metasploit-framework/pull/4282 No Types Assigned
https://github.com/rapid7/metasploit-framework/pull/4282 Exploit
Changed Reference Type
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt No Types Assigned
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt Exploit