var-201905-0976
Vulnerability from variot
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Zoho ManageEngine Firewall Analyzer Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Zoho ManageEngine Firewall Analyzer is prone to the following security vulnerabilities. 1. An HTML-injection vulnerability. 2. An XML External Entity injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or gain access to sensitive information or cause denial-of-service conditions. Other attacks are also possible. ZOHO ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools from ZOHO, USA. It can collect, correlate analysis and report logs on firewalls, proxy servers and Radius servers throughout the enterprise. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0976",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "7.4"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "8.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "8.1"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "8.3"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.0"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.2"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "7.6"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.3"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "7.2"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "8.0"
},
{
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "12.3 build 123224"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "8.58500"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "8.38300"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "8.18110"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "8.08000"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "7.67600"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "7.47400"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "7.27021"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "7.27020"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123223"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123222"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123218"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123208"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123197"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123194"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123186"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123185"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123182"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123177"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123169"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123164"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123156"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123151"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123137"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123129"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123126"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123092"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123083"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123070"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123064"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123057"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123045"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123027"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123008"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.312300"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.212200"
},
{
"model": "manageengine firewall analyzer build",
"scope": "eq",
"trust": 0.3,
"vendor": "zoho",
"version": "12.012000"
},
{
"model": "manageengine firewall analyzer build",
"scope": "ne",
"trust": 0.3,
"vendor": "zoho",
"version": "12.3123224"
}
],
"sources": [
{
"db": "BID",
"id": "108841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zohocorp:manageengine_firewall_analyzer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "108841"
}
],
"trust": 0.3
},
"cve": "CVE-2019-11676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-11676",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-143346",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11676",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11676",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-11676",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-068",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-143346",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143346"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. Zoho ManageEngine Firewall Analyzer Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Zoho ManageEngine Firewall Analyzer is prone to the following security vulnerabilities. \n1. An HTML-injection vulnerability. \n2. An XML External Entity injection vulnerability. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or gain access to sensitive information or cause denial-of-service conditions. Other attacks are also possible. ZOHO ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools from ZOHO, USA. It can collect, correlate analysis and report logs on firewalls, proxy servers and Radius servers throughout the enterprise. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "BID",
"id": "108841"
},
{
"db": "VULHUB",
"id": "VHN-143346"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11676",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068",
"trust": 0.7
},
{
"db": "BID",
"id": "108841",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-143346",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143346"
},
{
"db": "BID",
"id": "108841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"id": "VAR-201905-0976",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143346"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:21:37.252000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firewall Analyzer - Release Notes",
"trust": 0.8,
"url": "https://www.manageengine.com/products/firewall/release-notes.html"
},
{
"title": "ZOHO ManageEngine Firewall Analyzer Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92208"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143346"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.manageengine.com/products/firewall/release-notes.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11676"
},
{
"trust": 0.3,
"url": "https://www.manageengine.com/products/firewall/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143346"
},
{
"db": "BID",
"id": "108841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143346"
},
{
"db": "BID",
"id": "108841"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-143346"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108841"
},
{
"date": "2019-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"date": "2019-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"date": "2019-05-02T14:29:00.307000",
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-143346"
},
{
"date": "2019-05-02T00:00:00",
"db": "BID",
"id": "108841"
},
{
"date": "2019-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004014"
},
{
"date": "2019-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-068"
},
{
"date": "2024-11-21T04:21:34.310000",
"db": "NVD",
"id": "CVE-2019-11676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho ManageEngine Firewall Analyzer Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-068"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.