Skip to main content

Manageengine Firewall Analyzer

12 CVEs product

Monthly

CVE-2023-47211 CRITICAL POC THREAT Emergency

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Path Traversal Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
9.1
EPSS
81.6%
Threat
5.8
CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-37024 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
8.8
EPSS
78.3%
CVE-2022-36923 HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2022-35404 HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager Manageengine Network Configuration Manager Manageengine Netflow Analyzer +1
NVD
CVSS 3.1
8.2
EPSS
3.8%
CVE-2019-17421 HIGH POC PATCH This Week

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Zoho Manageengine Firewall Analyzer Manageengine Opmanager
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-11678 CRITICAL Act Now

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.5%
CVE-2019-11677 CRITICAL Act Now

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
9.8
EPSS
9.4%
CVE-2019-11676 MEDIUM This Month

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2017-14123 HIGH POC PATCH This Week

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2015-7781 HIGH This Week

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2015-7780 MEDIUM POC THREAT This Month

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

Path Traversal Zoho Manageengine Firewall Analyzer
NVD
CVSS 3.0
6.5
EPSS
36.2%
EPSS 82% 5.8 CVSS 9.1
CRITICAL POC THREAT Emergency

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Path Traversal Manageengine Firewall Analyzer Manageengine Netflow Analyzer +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus +38
NVD
EPSS 78% CVSS 8.8
HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer +6
NVD
EPSS 4% CVSS 8.2
HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Zoho Manageengine Firewall Analyzer +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Firewall Analyzer
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Firewall Analyzer
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Firewall Analyzer
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Zoho +1
NVD
EPSS 7% CVSS 7.5
HIGH This Week

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer
NVD
EPSS 36% CVSS 6.5
MEDIUM POC THREAT This Month

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

Path Traversal Zoho Manageengine Firewall Analyzer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy