Lucene search
K

4 matches found

Check Point Advisories
Check Point Advisories
added 2020/02/25 12:0 a.m.6 views

Zoho ManageEngine OpManager External Entity Injection (CVE-2018-18980)

An External Entity Injection information disclosure vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the RequestXML parameter when processing requests sent to BusinessViewFlashImpl. A remote, unauthenticated attacker could exploit this...

5CVSS1.1AI score0.24995EPSS
Exploits1
OSV
OSV
added 2018/11/06 4:29 a.m.5 views

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

7.5CVSS5.9AI score0.24995EPSS
Exploits1References2
NVD
NVD
added 2018/11/06 4:29 a.m.18 views

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

7.5CVSS7.6AI score0.24995EPSS
Exploits1References2
CVE
CVE
added 2018/11/06 4:0 a.m.54 views

CVE-2018-18980

CVE-2018-18980 is an XML External Entity (XXE) vulnerability affecting Zoho ManageEngine Network Configuration Manager and OpManager prior to 12.3.214. The issue arises in the RequestXML parameter processed by a /devices/ProcessRequest.do GET request, which could cause the transmission of local f...

7.5CVSS7.6AI score0.24995EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder