Vulnerability Description
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Firewall Analyzer | - |
| Zohocorp | Manageengine Netflow Analyzer | - |
| Zohocorp | Manageengine Network Configuration Manager | - |
| Zohocorp | Manageengine Opmanager | - |
| Zohocorp | Manageengine Oputils | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSSExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/75ExploitMailing ListThird Party Advisory
- http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036ExploitThird Party Advisory
- https://github.com/unh3x/just4cve/issues/10ExploitThird Party Advisory
- http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSSExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/75ExploitMailing ListThird Party Advisory
- http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036ExploitThird Party Advisory
- https://github.com/unh3x/just4cve/issues/10ExploitThird Party Advisory
FAQ
What is CVE-2018-12998?
CVE-2018-12998 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtil...
How severe is CVE-2018-12998?
CVE-2018-12998 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12998?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Firewall Analyzer, Zohocorp Manageengine Netflow Analyzer, Zohocorp Manageengine Network Configuration Manager, Zohocorp Manageengine Opmanager, Zohocorp Manageengine Oputils.