Security for everyone

CVE-2018-12998 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Zoho ManageEngine Netflow Analyzer, Network Configuration Manager, OpManager, OpUtils and Firewall Analyzer affects v. Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147.

SCAN NOW

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Source

-

Zoho ManageEngine is a comprehensive suite of IT management tools designed to help businesses to manage their IT infrastructure from a single console. The suite is made up of several tools that perform different functions. The Network Configuration Manager helps businesses to manage network configurations and compliance, while the Firewall Analyzer provides firewall log analysis and management. The OpManager is an infrastructure monitoring tool, and the OpUtils is a set of network utilities that helps diagnose and troubleshoot network problems. The NetFlow Analyzer provides detailed network traffic analysis to help businesses understand their network traffic and optimize their network performance. 

CVE-2018-12998 is a reflected Cross-site scripting (XSS) vulnerability that affects Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.

When exploited, this vulnerability can allow attackers to execute arbitrary code on the affected systems and gain access to sensitive information. The attacker can manipulate the data contained in the web page and cause it to behave maliciously, leading to the theft of user credentials, session hijacking, and other attacks.

In conclusion, it is important for businesses to protect their IT infrastructure from vulnerabilities such as CVE-2018-12998. Thanks to the pro features of the securityforeveryone.com platform, businesses can quickly and easily learn about vulnerabilities in their digital assets and take proactive steps to protect themselves. With this in mind, companies can maintain the integrity and security of their IT infrastructure and continue to provide excellent service to their clients.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture