PT-2019-12475 · Zoho · Zoho Manageengine Firewall Analyzer

Publicado

2019-05-02

Atualizado

2019-05-03

CVE-2019-11677

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Firewall Analyzer versions prior to 12.3 Build 123224

Description The issue concerns the Custom Report import function, which is susceptible to XML External Entity (XXE) Injection. This means that an attacker could potentially exploit this function to access unauthorized data or disrupt system operations.

Recommendations For versions prior to 12.3 Build 123224, update to version 12.3 Build 123224 or later to resolve the issue.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2019-11677

Produtos afetados

Zoho Manageengine Firewall Analyzer

PT-2019-12475 · Zoho · Zoho Manageengine Firewall Analyzer

CVE-2019-11677

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3