Zohocorp Manageengine_firewall_analyzer
12 CVEs affecting Zohocorp Manageengine_firewall_analyzer. Latest disclosed: 2024-01-08. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-11678 | Critical | 9.8 | 2019-05-02 | The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. |
CVE-2019-11677 | Critical | 9.8 | 2019-05-02 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. |
CVE-2023-47211 | Critical | 9.1 | 2024-01-08 | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbi… |
CVE-2022-37024 | High | 8.8 | 2022-08-10 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (… |
CVE-2017-14123 | High | 8.8 | 2017-09-04 | Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensi… |
CVE-2022-35404 | High | 8.2 | 2022-07-18 | ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. |
CVE-2019-17421 | High | 7.8 | 2019-11-21 | Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to e… |
CVE-2022-36923 | High | 7.5 | 2022-08-10 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 t… |
CVE-2015-7781 | High | 7.5 | 2017-06-27 | ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. |
CVE-2015-7780 | Medium | 6.5 | 2017-06-27 | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. |
CVE-2019-11676 | Medium | 6.1 | 2019-05-02 | The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. |
CVE-2023-6105 | Medium | 5.5 | 2023-11-15 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user wit… |