CVE-2017-11686
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password vi
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
MEDIUM · CVSS 6.1
EPSS 0.01664
Schedule remediation
- Public exploit or PoC is available
Sigma rules0
YARA rules0