CVE-2019-11677 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
zohocorp	manageengine_firewall_analyzer	7.2:7020
zohocorp	manageengine_firewall_analyzer	7.2:7021
zohocorp	manageengine_firewall_analyzer	7.4:7400
zohocorp	manageengine_firewall_analyzer	7.6:7600
zohocorp	manageengine_firewall_analyzer	8.0:8000
zohocorp	manageengine_firewall_analyzer	8.1:8110
zohocorp	manageengine_firewall_analyzer	8.3:8300
zohocorp	manageengine_firewall_analyzer	8.5:8500
zohocorp	manageengine_firewall_analyzer	12.0:12000
zohocorp	manageengine_firewall_analyzer	12.2:12200
zohocorp	manageengine_firewall_analyzer	12.3:12300
zohocorp	manageengine_firewall_analyzer	12.3:123008
zohocorp	manageengine_firewall_analyzer	12.3:123027
zohocorp	manageengine_firewall_analyzer	12.3:123045
zohocorp	manageengine_firewall_analyzer	12.3:123057
zohocorp	manageengine_firewall_analyzer	12.3:123064
zohocorp	manageengine_firewall_analyzer	12.3:123070
zohocorp	manageengine_firewall_analyzer	12.3:123083
zohocorp	manageengine_firewall_analyzer	12.3:123092
zohocorp	manageengine_firewall_analyzer	12.3:123126
zohocorp	manageengine_firewall_analyzer	12.3:123129
zohocorp	manageengine_firewall_analyzer	12.3:123137
zohocorp	manageengine_firewall_analyzer	12.3:123151
zohocorp	manageengine_firewall_analyzer	12.3:123156
zohocorp	manageengine_firewall_analyzer	12.3:123164
zohocorp	manageengine_firewall_analyzer	12.3:123169
zohocorp	manageengine_firewall_analyzer	12.3:123177
zohocorp	manageengine_firewall_analyzer	12.3:123182
zohocorp	manageengine_firewall_analyzer	12.3:123185
zohocorp	manageengine_firewall_analyzer	12.3:123186
zohocorp	manageengine_firewall_analyzer	12.3:123194
zohocorp	manageengine_firewall_analyzer	12.3:123197
zohocorp	manageengine_firewall_analyzer	12.3:123208
zohocorp	manageengine_firewall_analyzer	12.3:123218
zohocorp	manageengine_firewall_analyzer	12.3:123222
zohocorp	manageengine_firewall_analyzer	12.3:123223

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://www.manageengine.com/products/firewall/release-notes.html