This page contains a list of all security vulnerabilities fixed in Firewall Analyzer along with its CVE/ZVE ID and fixed build number. Go to ManageEngine's Security Response Center to report vulnerabilities on ManageEngine products.
| CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
|---|---|---|---|---|
| CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | High | 12.5.362 | Download |
| CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 12.5.220/12.5.314/12.5.329 | |
| CVE-2020-12116 | Path Traversal vulnerability in URLs starting with <cachestart> | High | 124196/125125 | |
| CVE-2020-11946 | Unauthenticated access to API key disclosure from a servlet call | High | 124188/125120 | |
| CVE-2020-11527 | Unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | High | 124181 | |
| CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs. | High | 124172 | |
| CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 124079/124099 | |
| Internal | An operator user could access restricted folders bypassing the session. | High | 123241 | |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability. | High | 123231 | |
| CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet. | High | 123169 | |
| CVE-2018-12998 | It allows remote attackers to inject arbitrary web script or HTML. | Medium | 123169 |