Intrusion Prevention

ManageEngine.EventLog.Hostdetails.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in ManageEngine Eventlog Analyzer.
The vulnerability is due to insufficient validation of user supplied data when handling crafted HTTP Requests. A remote attacker can exploit this to disclose sensitive information from affected machines using malicious packets.

Affected Products

ManageEngine EventLog Analyzer 9.9 build 9002 and prior

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue

CVE References

CVE-2014-6039