CVE-2019-11677

Published: May 2, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

Affected (36)

Products: Zohocorp: Manageengine Firewall Analyzer

Zohocorp

1 product

Manageengine Firewall Analyzer

Configuration A

36 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Firewall Analyzer	Version 12.0 12000
Zohocorp Manageengine Firewall Analyzer	Version 12.2 12200
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123008
Zohocorp Manageengine Firewall Analyzer	Version 12.3 12300
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123027
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123045
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123057
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123064
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123070
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123083
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123092
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123126
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123129
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123137
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123151
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123156
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123164
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123169
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123177
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123182
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123185
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123186
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123194
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123197
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123208
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123218
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123222
Zohocorp Manageengine Firewall Analyzer	Version 12.3 123223
Zohocorp Manageengine Firewall Analyzer	Version 7.2 7020
Zohocorp Manageengine Firewall Analyzer	Version 7.2 7021
Zohocorp Manageengine Firewall Analyzer	Version 7.4 7400
Zohocorp Manageengine Firewall Analyzer	Version 7.6 7600
Zohocorp Manageengine Firewall Analyzer	Version 8.0 8000
Zohocorp Manageengine Firewall Analyzer	Version 8.1 8110
Zohocorp Manageengine Firewall Analyzer	Version 8.3 8300
Zohocorp Manageengine Firewall Analyzer	Version 8.5 8500

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.manageengine.com/products/firewall/release-notes.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.manageengine.com/products/firewall/release-notes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.