CVE-2019-11677

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
References
Link Resource
https://www.manageengine.com/products/firewall/release-notes.html Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.2:7021:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.2:7020:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.4:7400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.0:8000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.6:7600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.1:8110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.3:8300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.5:8500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.0:12000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.2:12200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123223:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123222:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123218:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123208:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123197:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123194:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123186:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123185:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123182:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123177:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123169:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123164:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123156:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123137:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123129:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123126:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123092:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123083:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123070:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123064:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123057:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123045:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123027:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:123008:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3:12300:*:*:*:*:*:*

Information

Published : 2019-05-02 02:29

Updated : 2019-05-03 05:31


NVD link : CVE-2019-11677

Mitre link : CVE-2019-11677

Products Affected
No products.
CWE
CWE-611

Improper Restriction of XML External Entity Reference