List of security vulnerabilities fixed in Firewall Analyzer

This page contains a list of all security vulnerabilities fixed in Firewall Analyzer along with its CVE/ZVE ID and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.

CVE ID Synopsis Severity Fixed in version Link to latest build
CVE-2020-12116 Path Traversal vulnerability in URLs starting with <cachestart> High 124196/125125 Download
CVE-2020-11946 Unauthenticated access to API key disclosure from a servlet call High 124188/125120
CVE-2020-11527 Unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. High 124181
CVE-2020-10541 Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs. High 124172
CVE-2019-17421 Incorrect file permissions on the packaged Nipper executable file. Medium 124079/124099
Internal An operator user could access restricted folders bypassing the session. High 123241
CVE-2018-19403 Unauthenticated Remote Code Execution (RCE) vulnerability. High 123231
CVE-2018-12997 Incorrect Access Control in FailOverHelperServlet. High 123169
CVE-2018-12998 It allows remote attackers to inject arbitrary web script or HTML. Medium 123169

 

A single platter for comprehensive Network Security Device Management