Firewallanalyzer

CVEs (10)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2013-5092	Manageengine Firewallanalyzer	0.03	—	0.04	Jan 29, 2014	Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4891	Manageengine Firewallanalyzer	0.03	—	0.03	Sep 10, 2012	Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4889	Manageengine Firewallanalyzer	0.03	—	0.04	Sep 10, 2012	Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
CVE-2019-11678	Manageengine Firewallanalyzer	0.01	—	0.13	May 2, 2019	The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
CVE-2025-12381	Manageengine Firewallanalyzer	0.00	—	0.00	Dec 9, 2025	Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.
CVE-2025-12382	Manageengine Firewallanalyzer	0.00	—	0.00	Nov 12, 2025	Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).
CVE-2019-11677	Manageengine Firewallanalyzer	0.00	—	0.02	May 2, 2019	The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
CVE-2013-7318	Manageengine Firewallanalyzer	0.00	—	0.00	Jan 29, 2014	Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2008-1775	Manageengine Firewallanalyzer	0.00	—	0.00	Apr 14, 2008	Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1642	Manageengine Firewallanalyzer	0.00	—	0.00	Mar 24, 2007	Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.

CVE-2013-5092Jan 29, 2014
Manageengine
Firewallanalyzer
risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4891Sep 10, 2012
Manageengine
Firewallanalyzer
risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4889Sep 10, 2012
Manageengine
Firewallanalyzer
risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
CVE-2019-11678May 2, 2019
Manageengine
Firewallanalyzer
risk 0.01cvss —epss 0.13
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
CVE-2025-12381Dec 9, 2025
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.
CVE-2025-12382Nov 12, 2025
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).
CVE-2019-11677May 2, 2019
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.02
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
CVE-2013-7318Jan 29, 2014
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2008-1775Apr 14, 2008
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1642Mar 24, 2007
Manageengine
Firewallanalyzer
risk 0.00cvss —epss 0.00
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.