This page lists all security vulnerabilities fixed in Firewall Analyzer, along with their CVE/ZVE IDs and fixed build numbers. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.

CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
---|---|---|---|---|
ZVE-2024-1132 | Previously, a CSRF vulnerability (ZVE-2024-1132) was detected in which external users were able to use the network tools without authentication to perform ping or SNMP ping on network devices. This has now been fixed. (Reported by Jayateertha Guruprasad) | Medium | 128103/128247 | Download |
CVE-2022-36923 | A vulnerability resulted in unauthenticated access to the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118/126104/126002/125657 | |
CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 12.5.639/12.5.655/12.6.101 | |
CVE-2021-43319 | Earlier, there was a Remote Code Execution (RCE) vulnerability in the Ping functionality. This issue has been fixed now. | High | 12.5.488 | |
CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | High | 12.5.362 | |
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 12.5.220/12.5.314/12.5.329 | |
CVE-2020-12116 | Path Traversal vulnerability in URLs starting with <cachestart> | High | 12.4.196/12.5.125 | |
CVE-2020-11946 | Unauthenticated API key disclosure from a servlet call. | High | 12.4.188/12.5.120 | |
CVE-2020-11527 | An unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | High | 12.4.181 | |
CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs. | High | 12.4.172 | |
CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 12.4.079/12.4.099 | |
Internal | An operator user could access restricted folders by bypassing the session. | High | 12.3.241 | |
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability. | High | 12.3.231 | |
CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet. | High | 12.3.169 | |
CVE-2018-12998 | Allows remote attackers to inject arbitrary web script or HTML. | Medium | 12.3.169 | |