2.6 - CVE-2007-3594

Executive Summary

Informations
Name	CVE-2007-3594	First vendor Publication	2007-07-06
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score	2.6	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3594

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adventnet Manageengine Netflow Analyzer cpe:2.3:a:adventnet:manageengine_netflow_analyzer:7:::::::* cpe:2.3:a:adventnet:manageengine_netflow_analyzer:6:::::::*	2

Open Source Vulnerability Database (OSVDB)

Id	Description
38949	ManageEngine OpManager admin/DeviceAssociation.do Multiple Parameter XSS
38948	ManageEngine OpManager admin/ServiceConfiguration.do operation Parameter XSS
38947	ManageEngine OpManager reports/ReportViewAction.do Multiple Parameter XSS
38946	ManageEngine OpManager map/traceRoute.do name Parameter XSS
38945	ManageEngine OpManager map/ping.do name Parameter XSS
37825	ManageEngine NetFlow Analyzer admin/DeviceAssociation.do Multiple Parameter XSS
37824	ManageEngine NetFlow Analyzer admin/ServiceConfiguration.do operation Paramet...
37823	ManageEngine NetFlow Analyzer reports/ReportViewAction.do Multiple Parameter XSS
37822	ManageEngine NetFlow Analyzer traceRoute.do name Parameter XSS
37821	ManageEngine NetFlow Analyzer ping.do name Parameter XSS

Sources (Detail)

http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html
http://osvdb.org/37821
http://osvdb.org/37822
http://osvdb.org/37823
http://osvdb.org/37824
http://osvdb.org/37825
http://osvdb.org/38945
http://osvdb.org/38946
http://osvdb.org/38947
http://osvdb.org/38948
http://osvdb.org/38949
http://www.securityfocus.com/bid/24767
https://exchange.xforce.ibmcloud.com/vulnerabilities/35263

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:16:53	Multiple Updates
2024-11-28 12:12:50	Multiple Updates
2021-05-04 12:06:04	Multiple Updates
2021-04-22 01:06:36	Multiple Updates
2020-05-23 00:20:04	Multiple Updates
2017-07-29 12:02:22	Multiple Updates
2016-06-28 16:42:30	Multiple Updates
2013-05-11 10:30:13	Multiple Updates

2.6 - CVE-2007-3594

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU

Type	Count
CPE ID(s)	2
Sources(s)	13
osvdb(s)	10