4 matches found
Zoho ManageEngine OpManager External Entity Injection (CVE-2018-18980)
An External Entity Injection information disclosure vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the RequestXML parameter when processing requests sent to BusinessViewFlashImpl. A remote, unauthenticated attacker could exploit this...
CVE-2018-18980
An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...
CVE-2018-18980
An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...
CVE-2018-18980
CVE-2018-18980 is an XML External Entity (XXE) vulnerability affecting Zoho ManageEngine Network Configuration Manager and OpManager prior to 12.3.214. The issue arises in the RequestXML parameter processed by a /devices/ProcessRequest.do GET request, which could cause the transmission of local f...