Vulnerabilities > Zohocorp > Manageengine Firewall Analyzer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-47211 | Path Traversal vulnerability in Zohocorp products A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. | 8.6 |
| 2023-11-15 | CVE-2023-6105 | Unspecified vulnerability in Zohocorp products An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 |
| 2022-07-18 | CVE-2022-35404 | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
| 2019-11-21 | CVE-2019-17421 | Incorrect Default Permissions vulnerability in Zohocorp products Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. | 7.2 |
| 2019-05-02 | CVE-2019-11678 | SQL Injection vulnerability in Zohocorp Manageengine Firewall Analyzer The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection. | 7.5 |
| 2019-05-02 | CVE-2019-11677 | XXE vulnerability in Zohocorp Manageengine Firewall Analyzer The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. | 7.5 |
| 2019-05-02 | CVE-2019-11676 | Cross-site Scripting vulnerability in Zohocorp Manageengine Firewall Analyzer The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | 4.3 |
| 2017-09-04 | CVE-2017-14123 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Firewall Analyzer 12.2 Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. | 9.0 |
| 2017-06-27 | CVE-2015-7781 | Permission Issues vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | 5.0 |
| 2017-06-27 | CVE-2015-7780 | Path Traversal vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | 4.0 |