Security Updates - CVE Database

CVE-2018-12997, CVE-2018-12998

Cross-site scripting (XSS) vulnerability

Vulnerability Details
Impact: CVSS V3 rating: 6.1 (Medium)
Reported: 6 June 2018
Fixed: 12 July 2018
Affected Builds: Till Build 123137
Fixed in: Build 123169
Overview: Vulnerability in Path traversal
Recommended Fix: Upgrade to NetFlow Analyzer Version 12.3.169 or above.

Description

An issue was discovered in Zoho ManageEngine Netflow Analyzer 123137. A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

To fix this issue, we recommend that you upgrade to NetFlow Analyzer version 12.3.169 or above.
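A log-triage check for the request described above, as an added example that is not part of this advisory or the vendor's code: it flags access-log entries for the FailOverHelperServlet path whose decoded 'operation' value is not a plain token. It assumes Combined Log Format, the parameter arriving in the query string, and a hypothetical allow-list pattern for benign values; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Servlet path and parameter name come from the advisory text.
SERVLET_PATH = "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"
PARAM = "operation"
# Assumption: a benign 'operation' value is a plain identifier-like token.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]*")
# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_operation_values(log_line):
    """Return decoded 'operation' values in this entry that are not plain tokens."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if unquote(parts.path) != SERVLET_PATH:
        return []
    # parse_qs percent-decodes once; doubly encoded values still fail the allow-list.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]


def triage(lines):
    """Return (client_ip, value) for every flagged request, in log order."""
    hits = []
    for line in lines:
        for value in suspicious_operation_values(line):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample access-log lines (not real traffic; 'status' is a made-up value).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2018:10:00:00 +0000] "GET /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=status HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jul/2018:10:01:00 +0000] "GET /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 40',
    '192.0.2.10 - - [01/Jul/2018:10:02:00 +0000] "GET /index.html?operation=%3Cb%3E HTTP/1.1" 200 500',
]

if __name__ == "__main__":
    for ip, value in triage(SAMPLE_LOG):
        print(f"{ip} sent non-token operation value: {value!r}")
```

Hits on builds older than the fixed build are worth reviewing alongside the referring page and the session that followed the request.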

Source and Acknowledgements

Find out more about CVE-2018-12997 and CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at netflowanalyzer-support@manageengine.com.