Manageengine Firewall Analyzer
by Zohocorp
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14123 | Hig | 0.58 | 8.8 | 0.06 | Sep 4, 2017 | Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated… | ||
| CVE-2015-7781 | Hig | 0.49 | 7.5 | 0.07 | Jun 27, 2017 | ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | ||
| CVE-2015-7780 | Med | 0.43 | 6.5 | 0.11 | Jun 27, 2017 | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | ||
| CVE-2019-11678 | 0.01 | — | 0.09 | May 2, 2019 | The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | |||
| CVE-2019-11677 | 0.00 | — | 0.09 | May 2, 2019 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | |||
| CVE-2019-11676 | 0.00 | — | 0.02 | May 2, 2019 | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. |
- risk 0.58cvss 8.8epss 0.06
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated…
- risk 0.49cvss 7.5epss 0.07
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
- risk 0.43cvss 6.5epss 0.11
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
- CVE-2019-11678May 2, 2019risk 0.01cvss —epss 0.09
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
- CVE-2019-11677May 2, 2019risk 0.00cvss —epss 0.09
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
- CVE-2019-11676May 2, 2019risk 0.00cvss —epss 0.02
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.