Security Updates - CVE-2018-12998 | ManageEngine Firewall Analyzer

CVE-2018-12998

A reflected Cross-site scripting (XSS) vulnerability

Vulnerability Details
Impact	CVSS V3 rating: 6.1 (Medium)
Reported	29 Jun 2018
Fixed	29 Nov 2018
Affected Builds	Till Build 123147
Fixed in	Build 123169
Overview	A reflected Cross-site scripting (XSS) vulnerability
Recommended Fix	Upgrade to Firewall Analyzer Version 12.3.231 or above.

Description

A reflected Cross-site scripting (XSS) vulnerability in Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to
/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

We recommend that you upgrade to Firewall Analyzer version 12.3.231 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2018-12998 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at fwanalyzer-support@manageengine.com