CVE-2019-7424

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2

Description A security issue exists in the Administration zone of the software, specifically in the "/netflow/jspui/index.jsp" file. The issue is related to the view GET parameter or the following POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName.

Recommendations For Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2, consider restricting access to the vulnerable "/netflow/jspui/index.jsp" file until a patch is available. As a temporary workaround, avoid using the view GET parameter and the POST parameters autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName in the affected API endpoint.