CVE-2019-11677

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.manageengine.com/products/firewall/release-notes.html Release Notes Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.2:7021:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.5:8500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.2:12200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123182:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123129:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123045:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123008:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123222:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123218:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.2:7020:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.4:7400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.0:8000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.6:7600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.1:8110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.3:8300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.0:12000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123223:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123208:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123197:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123194:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123185:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123177:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123169:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123164:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123156:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123137:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123092:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123083:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123070:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123064:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123057:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123126:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123027:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:12300:*:*:*:*:*:*
Information

Published : 2019-05-02 07:29

Updated : 2019-05-03 10:31

NVD link : CVE-2019-11677

Mitre link : CVE-2019-11677

JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa
Products Affected

zohocorp

  • manageengine_firewall_analyzer