Zoho ManageEngine OpManager External Entity Injection (CVE-2018-18980)

An External Entity Injection information disclosure vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the RequestXML parameter when processing requests sent to BusinessViewFlashImpl. A remote, unauthenticated attacker could exploit this...

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

Zoho ManageEngine Network Configuration Manager and OpManager XML External Entity Injection Vulnerability

ZOHO ManageEngine Network Configuration Manager and OpManager are both products of ZOHO Inc. ZOHO ManageEngine Network Configuration Manager is a suite of network configuration management, network change and configuration management NCCM software for configuring switches, routers, firewalls and...