U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2014-5445

Change History

Modified Analysis by NIST 6/25/2019 3:06:22 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:8.6:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.0:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.1:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.5:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.6:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.7:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.5:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.6:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.8.7:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:9.9:*:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.0:beta:*:*:*:*:*:*
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:10.2:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:* versions from (including) 8.6 up to (including) 10.2
Changed Reference Type
http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html Exploit, Patch, Vendor Advisory
http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
Changed Reference Type
http://seclists.org/fulldisclosure/2014/Dec/9 Exploit
http://seclists.org/fulldisclosure/2014/Dec/9 Exploit, Mailing List, Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/archive/1/534122/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/534122/100/0/threaded Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securityfocus.com/archive/1/534141/100/0/threaded No Types Assigned
http://www.securityfocus.com/archive/1/534141/100/0/threaded Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securityfocus.com/bid/71404 Exploit
http://www.securityfocus.com/bid/71404 Exploit, Mailing List, Third Party Advisory, VDB Entry
Changed Reference Type
https://exchange.xforce.ibmcloud.com/vulnerabilities/99045 No Types Assigned
https://exchange.xforce.ibmcloud.com/vulnerabilities/99045 Third Party Advisory, VDB Entry
Changed Reference Type
https://github.com/rapid7/metasploit-framework/pull/4282 Exploit
https://github.com/rapid7/metasploit-framework/pull/4282 Exploit, Third Party Advisory
Changed Reference Type
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt Exploit
https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt Exploit, Third Party Advisory
Changed Reference Type
https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download No Types Assigned
https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download Vendor Advisory