Unrated severityNVD Advisory· Published Nov 6, 2018· Updated Sep 16, 2024
CVE-2018-18980
CVE-2018-18980
Description
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <12.3.214
- Range: <12.3.214
Patches
Vulnerability mechanics
References
2- github.com/x-f1v3/ForCve/issues/5mitrex_refsource_MISC
- www.manageengine.com/network-monitoring/help/read-me.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.