| Vulnerability Details | |
|---|---|
| Impact | CVSS V3 rating: 6.1 (Medium) |
| Reported | 6 June 2018 |
| Fixed | 12 July 2018 |
| Affected Builds | Till Build 123137 |
| Fixed in | Build 123169 |
| Overview | Vulnerability in Path traversal |
| Recommended Fix | Upgrade to NetFlow Analyzer Version 12.3.169 or above. |
An issue was discovered in Zoho ManageEngine Netflow Analyzer 123137. A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
We recommend that you upgrade to NetFlow Analyzer version 12.3.169 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2018-12997 and CVE-2018-12998 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com