Lucene search
+L

167 matches found

Tenable Nessus
Tenable Nessus
added 2023/02/24 12:0 a.m.42 views

ManageEngine Firewall Analyzer REST API Key Disclosure (CVE-2022-36923)

Binary data manageenginefirewallanalyzercve-2022-36923direct.nbin...

7.5CVSS7.5AI score0.08206EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/08/26 12:0 a.m.48 views

ManageEngine Firewall Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine Firewall Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote...

7.5CVSS7.4AI score0.08206EPSS
Exploits0References2
NVD
NVD
added 2022/08/10 8:16 p.m.20 views

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5CVSS0.08206EPSS
Exploits0References1
Prion
Prion
added 2022/08/10 8:16 p.m.18 views

Design/Logic Flaw

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

5CVSS7.4AI score0.08206EPSS
Exploits0References1Affected Software7
Cvelist
Cvelist
added 2022/08/10 2:17 p.m.47 views

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.7AI score0.08206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/08/10 2:17 p.m.1 views

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...

7.2AI score0.08206EPSS
Exploits0References1
CVE
CVE
added 2022/08/10 2:17 p.m.460 views

CVE-2022-36923

CVE-2022-36923 affects Zoho ManageEngine products (OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils) with an authentication bypass that allows an unauthenticated attacker to retrieve a user’s API key and use external APIs. T...

7.5CVSS7.3AI score0.08206EPSS
In wildExploits0References1Affected Software7
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.6 views

多款ZOHO ManageEngine产品安全漏洞

ZOHO ManageEngine OpManager and others are products of ZOHO India.ZOHO ManageEngine OpManager is a suite of network, server and virtualization monitoring software.ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager Pl...

8.8CVSS8.6AI score0.78326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/10 12:0 a.m.6 views

PT-2022-23689

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager Plus versions before 2022-07-27 through 2022-07-28 Zoho ManageEngine OpManager MSP versions before 2022-07-27 through 2022-07-28 Zoho...

7.5CVSS7.5AI score0.08206EPSS
Exploits0References13
CNVD
CNVD
added 2019/11/22 12:0 a.m.6 views

Zoho ManageEngine OpManager and Firewall Analyzer Elevation of Privilege Vulnerability

Zoho ManageEngine OpManager and Zoho ManageEngine Firewall Analyzer are both products from Zoho, Inc. Zoho ManageEngine OpManager is a suite of network, server and virtualization monitoring software. Zoho ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects,...

7.8CVSS7AI score0.00554EPSS
Exploits1References1
NVD
NVD
added 2019/11/21 3:15 p.m.19 views

CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...

7.8CVSS7.5AI score0.00554EPSS
Exploits1References3
OSV
OSV
added 2019/11/21 3:15 p.m.6 views

CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...

7.8CVSS7.1AI score0.00554EPSS
Exploits1References3
Prion
Prion
added 2019/11/21 3:15 p.m.18 views

Design/Logic Flaw

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...

7.2CVSS7.5AI score0.00554EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2019/11/21 2:36 p.m.48 views

CVE-2019-17421

CVE-2019-17421 affects Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072, where the packaged Nipper executable has incorrect file permissions. This allows a local attacker to elevate privileges to root by overwriting the executable with a malicious payload. Root-level impact is ...

7.8CVSS7.5AI score0.00554EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2019/11/21 2:36 p.m.18 views

CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload...

7.5AI score0.00554EPSS
Exploits1References3
NVD
NVD
added 2019/05/02 2:29 p.m.17 views

CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...

9.8CVSS9.4AI score0.09358EPSS
Exploits0References1
NVD
NVD
added 2019/05/02 2:29 p.m.14 views

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

9.8CVSS9.6AI score0.0948EPSS
Exploits0References1
OSV
OSV
added 2019/05/02 2:29 p.m.5 views

CVE-2019-11676

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...

6.1CVSS6.4AI score0.01929EPSS
Exploits0References1
OSV
OSV
added 2019/05/02 2:29 p.m.4 views

CVE-2019-11678

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

9.8CVSS7.3AI score0.0948EPSS
Exploits0References1
Prion
Prion
added 2019/05/02 2:29 p.m.21 views

Sql injection

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection...

7.5CVSS9.5AI score0.0948EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder