This page lists all security vulnerabilities fixed in NetFlow Analyzer, along with their CVE IDs and fixed build numbers. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.
CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
---|---|---|---|---|
CVE-2023-47211 | Earlier, a path traversal vulnerability was detected in the MIB browser. This issue has now been fixed by implementing path sanitization. | High | 127260 / 127248 / 127193 / 127142 | Download |
CVE-2022-37024 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv6 address management, reported by Anonymous working with Trend Micro Zero Day Initiative. This has been fixed now. | Critical | 126120 / 126105 / 126003 / 125658 | |
CVE-2022-38772 | Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management, reported by Anonymous working with Trend Micro Zero Day Initiative. This has been fixed now. | Critical | 126120 / 126105 / 126003 / 125658 | |
CVE-2022-36923 | A vulnerability resulted in unauthenticated access to the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657 | |
CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 125639 / 125655 / 126101 | |
CVE-2022-24703 | Earlier, there was a stored XSS vulnerability in the Schedule name field of the Schedule page. This issue is fixed now. | Medium | 125584 | |
Internal | Authentication bypass vulnerability in file import APIs in the NetFlow EE Central Server | High | 125476/125565 | |
CVE-2021-43319 | Remote Code Execution (RCE) vulnerability in the Ping functionality | High | 125488 | |
CVE-2021-41075 | SQL Injection in Attacks module API | High | 125464 | |
CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | Critical | 125362, 125332 and 125347 | |
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to a general bypass for the deserialization class. | Critical | 125220 | |
CVE-2020-12116 | Path Traversal vulnerability | High | 124196/125125 | |
CVE-2020-11946 | Unauthenticated API key disclosure from a servlet call | High | 124188/125120 | |
CVE-2020-11527 | Arbitrary file read vulnerability | High | 124181 | |
CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs | High | 124172 | |
Internal | XML injection vulnerability in IPGroup bulk load | High | 124168 | |
CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file | Medium | 124079 and 124099 | |
CVE-2017-11560 | HTML Injection vulnerability | Medium | 124033 | |
CVE-2019-12196 | SQL Injection vulnerability in Compare reports | High | 124029 | |
CVE-2008-0128 | Tomcat Vulnerability | Medium | 124024 | |
CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427 | XSS vulnerability in input text boxes in the Reports and Settings page | High | 123323 | |
CVE-2019-8925, CVE-2019-8926, CVE-2019-8927, CVE-2019-8928, CVE-2019-8929 | Path traversal vulnerability | High | 123323 | |
Internal | An operator user could access some restricted folders by bypassing the session | High | 123241 | |
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability | High | 123231 | |
CVE-2018-12997, CVE-2018-12998 | Arbitrary web script or HTML injection | Medium | 123169 | |
CVE-2018-10803 | Cross-site Scripting (XSS) in add Credential page | Medium | 123125 | |