CVE-2018-12998 Scanner
Detects 'Cross-Site Scripting (XSS)' vulnerability in Zoho ManageEngine Netflow Analyzer, Network Configuration Manager, OpManager, OpUtils and Firewall Analyzer affects v. Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
Zoho ManageEngine is a comprehensive suite of IT management tools designed to help businesses to manage their IT infrastructure from a single console. The suite is made up of several tools that perform different functions. The Network Configuration Manager helps businesses to manage network configurations and compliance, while the Firewall Analyzer provides firewall log analysis and management. The OpManager is an infrastructure monitoring tool, and the OpUtils is a set of network utilities that helps diagnose and troubleshoot network problems. The NetFlow Analyzer provides detailed network traffic analysis to help businesses understand their network traffic and optimize their network performance.
CVE-2018-12998 is a reflected Cross-site scripting (XSS) vulnerability that affects Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
When exploited, this vulnerability can allow attackers to execute arbitrary code on the affected systems and gain access to sensitive information. The attacker can manipulate the data contained in the web page and cause it to behave maliciously, leading to the theft of user credentials, session hijacking, and other attacks.
In conclusion, it is important for businesses to protect their IT infrastructure from vulnerabilities such as CVE-2018-12998. Thanks to the pro features of the securityforeveryone.com platform, businesses can quickly and easily learn about vulnerabilities in their digital assets and take proactive steps to protect themselves. With this in mind, companies can maintain the integrity and security of their IT infrastructure and continue to provide excellent service to their clients.
REFERENCES
control security posture