CVE-2018-12998
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
99.7%
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter ‘operation’ to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | firewall_analyzer | - | cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:* |
| zohocorp | manageengine_netflow_analyzer | - | cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:* |
| zohocorp | manageengine_network_configuration_manager | - | cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:* |
| zohocorp | manageengine_opmanager | - | cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:* |
| zohocorp | manageengine_oputils | - | cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
99.7%