HTTP: Zoho ManageEngine OpManager BusinessViewFlashImpl handleBVAction CVE-2018-18980 XXE Injection Information Disclosure
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine OpManager BusinessViewFlashImpl. Successful exploitation could allow the attacker to read arbitrary files from the target system.
Extended Description
An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrary remote FTP server.
Affected Products
Zohocorp manageengine_network_configuration_manager
References
CVE: CVE-2018-18980
URL: https://www.manageengine.com/network-monitoring/help/read-me.html
Short Name
HTTP:INFO-LEAK:CVE-2018-18980XE
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
BusinessViewFlashImpl CVE-2018-18980 Disclosure Information Injection ManageEngine OpManager XXE Zoho handleBVAction
Release Date
02/25/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Zohocorp
CVSS Score
5.0