High severity7.5NVD Advisory· Published Jun 29, 2018· Updated Jun 17, 2026

CVE-2018-12997

Description

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zoho/ManageEngine Network Configuration Managerllm-create
Range: < build 123128
Zoho/ManageEngine Netflow Analyzer Professionalllm-fuzzy
Range: < build 123137
Zoho/ManageEngine OpUtilsllm-fuzzy
Range: < build 123148

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.htmlnvdExploitThird Party AdvisoryVDB Entry
www.cnnvd.org.cn/web/xxk/ldxqById.tagnvdExploitThird Party Advisory
github.com/unh3x/just4cve/issues/8nvdExploitThird Party Advisory
seclists.org/fulldisclosure/2018/Jul/73nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000