This page lists all security vulnerabilities fixed in Firewall Analyzer, along with their CVE/ZVE IDs and fixed build numbers. Go to ManageEngine's Security Response Center to report vulnerabilities in ManageEngine products.

CVE ID | Synopsis | Severity | Fixed in version | Link to latest build |
---|---|---|---|---|
CVE-2022-36923 | A vulnerability resulted in unauthenticated access to the user API key. This issue has been fixed now. (Reported by Anonymous working with Trend Micro Zero Day Initiative) | Critical | 126118 / 126104 / 126002 / 125657 | Download |
CVE-2022-35404 | Unauthorized creation of files led to high resource consumption. This has been fixed now. (Reported by Tenable) | Medium | 12.5.639/12.5.655/12.6.101 | |
CVE-2021-43319 | Earlier, there was a Remote Code Execution (RCE) vulnerability in the Ping functionality. This issue has been fixed now. | High | 12.5.488 | |
CVE-2021-20078 | Folder deletion due to Path Traversal vulnerability in Sparkgateway jar | High | 12.5.362 | |
CVE-2021-3287 | Unauthenticated Remote Code Execution (RCE) vulnerability due to general bypass for the deserialization class. | Critical | 12.5.220/12.5.314/12.5.329 | |
CVE-2020-12116 | Path Traversal vulnerability in URLs starting with `<cachestart>` | High | 12.4.196/12.5.125 | |
CVE-2020-11946 | Unauthenticated API key disclosure from a servlet call | High | 12.4.188/12.5.120 | |
CVE-2020-11527 | Unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | High | 12.4.181 | |
CVE-2020-10541 | Remote Code Execution (RCE) vulnerability in Mail Server Settings v1 APIs. | High | 12.4.172 | |
CVE-2019-17421 | Incorrect file permissions on the packaged Nipper executable file. | Medium | 12.4.079/12.4.099 | |
Internal | An operator user could access restricted folders bypassing the session. | High | 12.3.241 | |
CVE-2018-19403 | Unauthenticated Remote Code Execution (RCE) vulnerability. | High | 12.3.231 | |
CVE-2018-12997 | Incorrect Access Control in FailOverHelperServlet. | High | 12.3.169 | |
CVE-2018-12998 | It allows remote attackers to inject arbitrary web script or HTML. | Medium | 12.3.169 | |