CVE-2019-11677

EPSS 4.22%
Published 02.05.2019 14:29:00
Last modified 21.11.2024 04:21:34
Source cve@mitre.org
Teams watchlist Login
Open Login

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Firewall Analyzer Version7.2 Update7020

Zohocorp ≫ Manageengine Firewall Analyzer Version7.2 Update7021

Zohocorp ≫ Manageengine Firewall Analyzer Version7.4 Update7400

Zohocorp ≫ Manageengine Firewall Analyzer Version7.6 Update7600

Zohocorp ≫ Manageengine Firewall Analyzer Version8.0 Update8000

Zohocorp ≫ Manageengine Firewall Analyzer Version8.1 Update8110

Zohocorp ≫ Manageengine Firewall Analyzer Version8.3 Update8300

Zohocorp ≫ Manageengine Firewall Analyzer Version8.5 Update8500

Zohocorp ≫ Manageengine Firewall Analyzer Version12.0 Update12000

Zohocorp ≫ Manageengine Firewall Analyzer Version12.2 Update12200

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update12300

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123008

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123027

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123045

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123057

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123064

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123070

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123083

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123092

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123126

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123129

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123137

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123151

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123156

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123164

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123169

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123177

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123182

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123185

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123186

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123194

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123197

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123208

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123218

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123222

Zohocorp ≫ Manageengine Firewall Analyzer Version12.3 Update123223

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.22%	0.883

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.manageengine.com/products/firewall/release-notes.html

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-11677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11677

EUVD