Vulnerability Details CVE-2019-11678
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.304
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-11678
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.0
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.2
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.3
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.2
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.4
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:7.6
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.0
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.1
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.3
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:8.5