PT-2019-12475 · Zoho · Zoho Manageengine Firewall Analyzer

Published

2019-05-02

Updated

2019-05-03

CVE-2019-11677

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Firewall Analyzer versions prior to 12.3 Build 123224

Description The issue concerns the Custom Report import function, which is susceptible to XML External Entity (XXE) Injection. This means that an attacker could potentially exploit this function to access unauthorized data or disrupt system operations.

Recommendations For versions prior to 12.3 Build 123224, update to version 12.3 Build 123224 or later to resolve the issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2019-11677

Affected Products

Zoho Manageengine Firewall Analyzer

PT-2019-12475 · Zoho · Zoho Manageengine Firewall Analyzer

CVE-2019-11677

Weakness Enumeration

Related Identifiers

Affected Products

References · 3