Lucene search

[email protected]CVE-2012-4889

HistorySep 10, 2012 - 10:55 p.m.

CVE-2012-4889

2012-09-1022:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

4889

xss

manageengine

firewall analyzer

vulnerabilities

remote attackers

web script

html

injection

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.035 Low

EPSS

Percentile

91.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

CPENameOperatorVersion
manageengine:firewall_analyzermanageengine firewall analyzereq7.2

CPE	Name	Operator	Version
manageengine:firewall_analyzer	manageengine firewall analyzer	eq	7.2

References

osvdb.org/80872

osvdb.org/80873

osvdb.org/80874

osvdb.org/80875

packetstormsecurity.org/files/111474/VL-437.txt

secunia.com/advisories/48657

www.securityfocus.com/bid/52841

www.vulnerability-lab.com/get_content.php?id=437

exchange.xforce.ibmcloud.com/vulnerabilities/74538

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2012-4889

cvelist2 nuclei1 prion2 cve1