Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4889

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4889
Last Modified 11 Sep 2012 12:50:50
Published 10 Sep 2012 06:55:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4889

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

Vulnerable Systems

Application

  • Manageengine Firewall Analyzer 7.2


References

XF - firewallanalyzer-multiple-xss(74538)

MISC - http://www.vulnerability-lab.com/get_content.php?id=437

BID - 52841

SECUNIA - 48657

MISC - http://packetstormsecurity.org/files/111474/VL-437.txt

OSVDB - 80875

OSVDB - 80874

OSVDB - 80873

OSVDB - 80872


Last Updated: 27 May 2016 11:00:32