CVE-2017-11686

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Event Log Analyzer versions 11.4 through 11.5

Description The issue allows remote attackers to obtain an authenticated user's password. This can be achieved through XSS vulnerabilities or by sniffing non-SSL traffic on the network. The password is represented in a cookie using a reversible encoding method.

Recommendations For versions 11.4 and 11.5, consider disabling non-SSL traffic and restrict access to the application until a fix is available. As a temporary workaround, avoid using the application over unsecured networks to minimize the risk of password sniffing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.