Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine firewall analyzer vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12997
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows malicious u...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
4.3
CVSSv2
CVE-2018-12998
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote m...
Zohocorp Manageengine Netflow Analyzer -
Zohocorp Firewall Analyzer -
Zohocorp Manageengine Opmanager -
Zohocorp Manageengine Oputils -
Zohocorp Manageengine Network Configuration Manager -
9
CVSSv2
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demon...
Zohocorp Manageengine Firewall Analyzer 12.2
7.2
CVSSv2
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
Zohocorp Manageengine Firewall Analyzer 12.4
Zohocorp Manageengine Opmanager 12.4
NA
CVE-2023-47211
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.7
Zohocorp Manageengine Oputils
Zohocorp Manageengine Oputils 12.7
Zohocorp Manageengine Firewall Analyzer 12.7
Zohocorp Manageengine Firewall Analyzer
Zohocorp Manageengine Netflow Analyzer 12.7
Zohocorp Manageengine Netflow Analyzer
Zohocorp Manageengine Network Configuration Manager 12.7
Zohocorp Manageengine Network Configuration Manager
Zohocorp Manageengine Opmanager Msp 12.7
Zohocorp Manageengine Opmanager Msp
Zohocorp Manageengine Opmanager Plus 12.7
Zohocorp Manageengine Opmanager Plus
NA
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils prior to 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated malicious users to obtain a user's AP...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Plus 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Msp 12.6
1 Github repository
NA
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils prior to 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execut...
Zohocorp Manageengine Opmanager 12.5
Zohocorp Manageengine Network Configuration Manager 12.5
Zohocorp Manageengine Firewall Analyzer 12.5
Zohocorp Manageengine Netflow Analyzer 12.5
Zohocorp Manageengine Oputils 12.5
Zohocorp Manageengine Oputils 12.6
Zohocorp Manageengine Firewall Analyzer 12.6
Zohocorp Manageengine Netflow Analyzer 12.6
Zohocorp Manageengine Network Configuration Manager 12.6
Zohocorp Manageengine Opmanager 12.6
Zohocorp Manageengine Opmanager Msp 12.5
Zohocorp Manageengine Opmanager Msp 12.6
Zohocorp Manageengine Opmanager Plus 12.5
Zohocorp Manageengine Opmanager Plus 12.6
7.2
CVSSv2
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current di...
Zohocorp Manageengine Mobile Device Manager Plus 9.0.0
Zohocorp Manageengine Patch Connect Plus 9.0.0
Zohocorp Manageengine Vulnerability Manager Plus 9.0.0
Zohocorp Manageengine Patch Manager Plus 9.0.0
Zohocorp Manageengine Browser Security Plus -
Zohocorp Manageengine Eventlog Analyzer 12.0.2
Zohocorp Manageengine Supportcenter Plus 8.1
Zohocorp Manageengine Opmanager 12.3
Zohocorp Manageengine Oputils 11.0
Zohocorp Manageengine Desktop Central 10.0.380
Zohocorp Manageengine Firewall 12.0
Zohocorp Manageengine Key Manager Plus 5.6
Zohocorp Manageengine Password Manager Pro 9.9
Zohocorp Manageengine Analytics Plus 1.0
Zohocorp Manageengine Servicedesk Plus 10.0.0
Zohocorp Manageengine O365 Manager Plus 4.0
Zohocorp Manageengine Netflow Analyzer 11.0
Zohocorp Manageengine Network Configuration Manager 11.0
5
CVSSv2
CVE-2018-17283
Zoho ManageEngine OpManager prior to 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser o...
Zohocorp Manageengine Opmanager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2