E15-atg01
CVSS:
5.7 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
False Positive:
f
Variants:
1
Year:
2015
Description
This strike exploits a cross site request forgery vulnerability inside ManageEngine EventLog Analyzer.
The vulnerability is due to improper userManagementForm.do input validation.
An attacker could exploit this vulnerability in order submit requests on the target system with valid user privileges.