Zohocorp Manageengine Firewall Analyzer — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Firewall Analyzer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2019-11677 — CVSS 9.8 (critical): The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity…
CVE-2019-11678 — CVSS 9.8 (critical): The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
CVE-2023-47211 — CVSS 9.1 (critical): A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP…
CVE-2017-14123 — CVSS 8.8 (high): Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload…
CVE-2022-35404 — CVSS 8.2 (high): ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation…
CVE-2019-17421 — CVSS 7.8 (high): Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072…
CVE-2019-11676 — CVSS 6.1 (medium): The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…