The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_firewall_analyzer | Zohocorp | 7.2-7020 (including) | 7.2-7020 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 7.2-7021 (including) | 7.2-7021 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 7.4-7400 (including) | 7.4-7400 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 7.6-7600 (including) | 7.6-7600 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 8.0-8000 (including) | 8.0-8000 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 8.1-8110 (including) | 8.1-8110 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 8.3-8300 (including) | 8.3-8300 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 8.5-8500 (including) | 8.5-8500 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.0-12000 (including) | 12.0-12000 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.2-12200 (including) | 12.2-12200 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-12300 (including) | 12.3-12300 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123008 (including) | 12.3-123008 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123027 (including) | 12.3-123027 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123045 (including) | 12.3-123045 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123057 (including) | 12.3-123057 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123064 (including) | 12.3-123064 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123070 (including) | 12.3-123070 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123083 (including) | 12.3-123083 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123092 (including) | 12.3-123092 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123126 (including) | 12.3-123126 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123129 (including) | 12.3-123129 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123137 (including) | 12.3-123137 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123151 (including) | 12.3-123151 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123156 (including) | 12.3-123156 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123164 (including) | 12.3-123164 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123169 (including) | 12.3-123169 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123177 (including) | 12.3-123177 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123182 (including) | 12.3-123182 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123185 (including) | 12.3-123185 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123186 (including) | 12.3-123186 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123194 (including) | 12.3-123194 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123197 (including) | 12.3-123197 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123208 (including) | 12.3-123208 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123218 (including) | 12.3-123218 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123222 (including) | 12.3-123222 (including) |
| Manageengine_firewall_analyzer | Zohocorp | 12.3-123223 (including) | 12.3-123223 (including) |