CVE-2018-12997

Incorrect Access Control in FailOverHelperServlet

 

Vulnerability Details

Impact: CVSS V3 rating: 7.5 (High)
Reported: 29 Jun 2018
Fixed: 29 Nov 2018
Affected Builds: Till Build 123147
Fixed in: Build 123231
Overview: Incorrect Access Control in FailOverHelperServlet
Recommended Fix: Upgrade to Firewall Analyzer Version 12.3.231 or above.

 

Description

Incorrect Access Control in FailOverHelperServlet in Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.

We recommend that you upgrade to Firewall Analyzer version 12.3.231 or above to fix this issue.
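One way to review existing web access logs for the request pattern described above. This is an added example, not ManageEngine code: the combined log format, the /example/ path and every sample log line are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: access logs are in common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def copyfile_target(target):
    """Return the fileName value if the request target names FailOverHelperServlet
    with operation=copyfile and a fileName parameter, else None."""
    parts = urlsplit(target)
    if "failoverhelperservlet" not in unquote(parts.path).lower():
        return None
    # parse_qsl percent-decodes names and values, so encoded or reordered
    # parameters still match. Case-insensitive matching is a conservative choice.
    params = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    if params.get("operation", "").lower() != "copyfile" or "filename" not in params:
        return None
    return params["filename"]

def find_hits(lines):
    """Return one record per log line that matches the advisory's request pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        name = copyfile_target(m.group("target"))
        if name is not None:
            hits.append({"ip": m.group("ip"), "time": m.group("time"),
                         "status": int(m.group("status")), "file_name": name})
    return hits

# Constructed sample lines: the /example/ path, addresses and file name are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2018:10:00:00 +0000] "GET /example/FailOverHelperServlet?operation=copyfile&fileName=EXAMPLE.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2018:10:00:05 +0000] "GET /example/FailOverHelperServlet?fileName=EXAMPLE.txt&%6Fperation=CopyFile HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jul/2018:10:01:00 +0000] "GET /example/FailOverHelperServlet?operation=other HTTP/1.1" 200 20',
    '192.0.2.13 - - [01/Jul/2018:10:02:00 +0000] "GET /index.html?operation=copyfile&fileName=x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so parameters sent in a request body would not appear in them. Treat any hit on a build earlier than 123231 as a reason to review which file was requested and the response status.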

Source and Acknowledgements

Find out more about CVE-2018-12997 from the CVE dictionary.

Need Help?

For clarification or corrections, please contact our support team or email us at fwanalyzer-support@manageengine.com.
