Firewall Configuration & Log Management by ManageEngine Firewall Analyzer

CVE-2018-12997

Incorrect Access Control in FailOverHelperServlet

Vulnerability Details
Impact	CVSS V3 rating: 7.5 (High)
Reported	29 Jun 2018
Fixed	29 Nov 2018
Affected Builds	Till Build 123147
Fixed in	Build 123231
Overview	Incorrect Access Control in FailOverHelperServlet
Recommended Fix	Upgrade to Firewall Analyzer Version 12.3.231 or above.

Description

Incorrect Access Control in FailOverHelperServlet in Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.

We recommend that you upgrade to Firewall Analyzer version 12.3.231 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12997 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at fwanalyzer-support@manageengine.com

A single platter for comprehensive Network Security Device Management

Quick LinksNetwork Bandwidth ReportsNetwork Security & Device MgmtLog ManagementCompliance & MSSP Features

» Pricing & Purchase
» Let Us Assist You

» What's new?
» Awards & Recognition

Firewall Device Management
1. » Policy Overview Report
2. » Used Rules Report
3. » Unused Rules Report
4. » Security Management
5. » Configuration Change Management Report/Alert

Firewall Log Analysis
1. » Check Point
2. » Cisco PIX Device
3. » Cisco ASA Device
4. » CyberGuard
5. » Fortigate
6. » IPFIX with Extensions Support
7. » Virtual/Context-based Firewall Support

Security Device Log Analysis
1. » Microsoft ISA
2. » NetScreen
3. » SonicWALL
4. » WatchGuard
5. » Squid Proxy

Compliance

MSSP Specific Features
1. » Managed Firewall Service
2. » Dashboard and User Views
3. » Rebranding
Troubleshooting Tool:
1. » Diagnose Live Firewall Connections

Other Features
1. » External User Authentication
2. » Alert Administration
3. » Integration with ManageEngine OpManager
4. » Firewall Credential Profiles
5. » Custom Reports
6. » Scheduled Reports
7. » Firewall Bandwidth Alerts