CVE-2007-3593 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adventnet	Manageengine Netflow Analyzer

Configuration 1 [-]

cpe:2.3:a:adventnet:manageengine_netflow_analyzer:5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html
http://osvdb.org/37826
http://osvdb.org/37827
http://osvdb.org/37828
http://osvdb.org/37829
http://osvdb.org/37830
http://secunia.com/advisories/25947
http://www.securityfocus.com/bid/24766
https://exchange.xforce.ibmcloud.com/vulnerabilities/35263

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-06T18:00:00

Updated: 2024-08-07T14:21:36.413Z

Reserved: 2007-07-06T00:00:00

Link: CVE-2007-3593

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-06T18:30:00.000

Modified: 2017-07-29T01:32:25.270

Link: CVE-2007-3593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"}, {"name": "37827", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37827"}, {"name": "37828", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37828"}, {"name": "37830", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37830"}, {"name": "37829", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37829"}, {"name": "37826", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37826"}, {"name": "netflowanalyzer-opmanager-multiple-xss(35263)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"}, {"name": "25947", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25947"}, {"name": "24766", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24766"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html", "refsource": "MISC", "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"}, {"name": "37827", "refsource": "OSVDB", "url": "http://osvdb.org/37827"}, {"name": "37828", "refsource": "OSVDB", "url": "http://osvdb.org/37828"}, {"name": "37830", "refsource": "OSVDB", "url": "http://osvdb.org/37830"}, {"name": "37829", "refsource": "OSVDB", "url": "http://osvdb.org/37829"}, {"name": "37826", "refsource": "OSVDB", "url": "http://osvdb.org/37826"}, {"name": "netflowanalyzer-opmanager-multiple-xss(35263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"}, {"name": "25947", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25947"}, {"name": "24766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24766"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.413Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"}, {"name": "37827", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37827"}, {"name": "37828", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37828"}, {"name": "37830", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37830"}, {"name": "37829", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37829"}, {"name": "37826", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37826"}, {"name": "netflowanalyzer-opmanager-multiple-xss(35263)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"}, {"name": "25947", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25947"}, {"name": "24766", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24766"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3593", "datePublished": "2007-07-06T18:00:00", "dateReserved": "2007-07-06T00:00:00", "dateUpdated": "2024-08-07T14:21:36.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adventnet:manageengine_netflow_analyzer:5:*:*:*:*:*:*:*", "matchCriteriaId": "6FF2D661-4CD0-4571-8904-A6D411EB6CA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en ManageEngine NetFlow Analyzer versi\u00f3n 5, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) alpha en (a) el archivo netflow/jspui/applicationList.jsp, el (2) par\u00e1metro task en (b) el archivo netflow/jspui/appConfig.jsp, el (3) par\u00e1metro view en (c) el archivo netflow/jspui/index.jsp, y el (4) par\u00e1metro rtype en (d) los archivos netflow/jspui/selectDevice.jsp y (e) netflow/jspui/customReport.jsp. NOTA: fue reportado mas tarde que el vector 3 tambi\u00e9n afecta a la versi\u00f3n 7.5 build 7500."}], "id": "CVE-2007-3593", "lastModified": "2017-07-29T01:32:25.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-07-06T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37826"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37827"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37828"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37829"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37830"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25947"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24766"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}