CVE-2019-11677 - Improper Restriction of XML External Entity Reference

Severity

75%

Complexity

99%

Confidentiality

106%

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Zohocorp Manageengine Firewall Analyzer

First reported 6 years ago

2019-05-02 14:29:00

Last updated 6 years ago

2019-05-03 17:31:00

Affected Software

Zohocorp Manageengine Firewall Analyzer 7.2 7020

Zohocorp Manageengine Firewall Analyzer 7.2 7021

Zohocorp Manageengine Firewall Analyzer 7.4 7400

Zohocorp Manageengine Firewall Analyzer 7.6 7600

Zohocorp Manageengine Firewall Analyzer 8.0 8000

Zohocorp Manageengine Firewall Analyzer 8.1 8110

Zohocorp Manageengine Firewall Analyzer 8.3 8300

Zohocorp Manageengine Firewall Analyzer 8.5 8500

Zohocorp Manageengine Firewall Analyzer 12.0 12000

Zohocorp Manageengine Firewall Analyzer 12.2 12200

Zohocorp Manageengine Firewall Analyzer 12.3 12300

Zohocorp Manageengine Firewall Analyzer 12.3 123008

Zohocorp Manageengine Firewall Analyzer 12.3 123027

Zohocorp Manageengine Firewall Analyzer 12.3 123045

Zohocorp Manageengine Firewall Analyzer 12.3 123057

Zohocorp Manageengine Firewall Analyzer 12.3 123064

Zohocorp Manageengine Firewall Analyzer 12.3 123070

Zohocorp Manageengine Firewall Analyzer 12.3 123083

Zohocorp Manageengine Firewall Analyzer 12.3 123092

Zohocorp Manageengine Firewall Analyzer 12.3 123126

Zohocorp Manageengine Firewall Analyzer 12.3 123129

Zohocorp Manageengine Firewall Analyzer 12.3 123137

Zohocorp Manageengine Firewall Analyzer 12.3 123151

Zohocorp Manageengine Firewall Analyzer 12.3 123156

Zohocorp Manageengine Firewall Analyzer 12.3 123164

Zohocorp Manageengine Firewall Analyzer 12.3 123169

Zohocorp Manageengine Firewall Analyzer 12.3 123177

Zohocorp Manageengine Firewall Analyzer 12.3 123182

Zohocorp Manageengine Firewall Analyzer 12.3 123185

Zohocorp Manageengine Firewall Analyzer 12.3 123186

Zohocorp Manageengine Firewall Analyzer 12.3 123194

Zohocorp Manageengine Firewall Analyzer 12.3 123197

Zohocorp Manageengine Firewall Analyzer 12.3 123208

Zohocorp Manageengine Firewall Analyzer 12.3 123218

Zohocorp Manageengine Firewall Analyzer 12.3 123222

Zohocorp Manageengine Firewall Analyzer 12.3 123223
