List of security vulnerabilities fixed in Firewall Analyzer

This page lists all security vulnerabilities fixed in Firewall Analyzer, along with their CVE/ZVE IDs and the build numbers in which they were fixed. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.

| CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
|---|---|---|---|---|
| CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | High | 12.5.362 | Download |
| CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 12.5.220/12.5.314/12.5.329 | |
| CVE-2020-12116 | Path Traversal vulnerability in URLs starting with <cachestart> | High | 124196/125125 | |
| CVE-2020-11946 | Unauthenticated access to API key disclosure from a servlet call | High | 124188/125120 | |
| CVE-2020-11527 | Unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | High | 124181 | |
| CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs. | High | 124172 | |
| CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 124079/124099 | |
| Internal | An operator user could access restricted folders bypassing the session. | High | 123241 | |
| CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability. | High | 123231 | |
| CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet. | High | 123169 | |
| CVE-2018-12998 | It allows remote attackers to inject arbitrary web script or HTML. | Medium | 123169 | |


