List of security vulnerabilities fixed in Firewall Analyzer

This page lists all security vulnerabilities fixed in Firewall Analyzer, with their CVE/ZVE IDs and the build numbers in which each fix shipped. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.

CVE ID | Synopsis | Severity | Fixed in build(s)
ZVE-2024-1132 | CSRF vulnerability: external users could use the network tools without authentication to perform a ping or SNMP ping on network devices. (Reported by Jayateertha Guruprasad) | Medium | 128103 / 128247
CVE-2022-36923 | Unauthenticated access to the user API key. (Reported by an anonymous researcher working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657
CVE-2022-35404 | Unauthorized file creation leading to high resource consumption. (Reported by Tenable) | Medium | 12.5.639 / 12.5.655 / 12.6.101
CVE-2021-43319 | Remote Code Execution (RCE) vulnerability in the Ping functionality. | High | 12.5.488
CVE-2021-20078 | Folder deletion via a Path Traversal vulnerability in the Sparkgateway jar. | High | 12.5.362
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to a general bypass for the deserialization class. | Critical | 12.5.220 / 12.5.314 / 12.5.329
CVE-2020-12116 | Path Traversal vulnerability in URLs starting with <cachestart>. | High | 12.4.196 / 12.5.125
CVE-2020-11946 | Unauthenticated API key disclosure via a servlet call. | High | 12.4.188 / 12.5.120
CVE-2020-11527 | An unauthenticated remote attacker could send a specially crafted URI to read arbitrary files. | High | 12.4.181
CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in the Mail Server Settings v1 APIs. | High | 12.4.172
CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 12.4.079 / 12.4.099
Internal | An operator user could access restricted folders, bypassing the session. | High | 12.3.241
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability. | High | 12.3.231
CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet. | High | 12.3.169
CVE-2018-12998 | Cross-site scripting (XSS) vulnerability: remote attackers could inject arbitrary web script or HTML. | Medium | 12.3.169
