National Vulnerability Database

CVE-2018-20339 Detail

Current Description

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.

Source:  MITRE
Description Last Modified:  12/21/2018

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.1 MEDIUM
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8


Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools

  • http://www.securityfocus.com/bid/106302 (Resource: Third Party Advisory, VDB Entry)
  • https://www.manageengine.com/network-monitoring/help/read-me.html (Resource: Release Notes, Vendor Advisory)

Technical Details

Vulnerability Type

  • Cross-Site Scripting (XSS) (CWE-79)

Vulnerable software and versions

Configuration 1
OR
cpe:/a:zohocorp:manageengine_opmanager:12.3:12300
cpe:/a:zohocorp:manageengine_opmanager:12.3:123001
cpe:/a:zohocorp:manageengine_opmanager:12.3:123002
cpe:/a:zohocorp:manageengine_opmanager:12.3:123003
cpe:/a:zohocorp:manageengine_opmanager:12.3:123004
cpe:/a:zohocorp:manageengine_opmanager:12.3:123005
cpe:/a:zohocorp:manageengine_opmanager:12.3:123006
cpe:/a:zohocorp:manageengine_opmanager:12.3:123007
cpe:/a:zohocorp:manageengine_opmanager:12.3:123008
cpe:/a:zohocorp:manageengine_opmanager:12.3:123009
cpe:/a:zohocorp:manageengine_opmanager:12.3:123010
cpe:/a:zohocorp:manageengine_opmanager:12.3:123011
cpe:/a:zohocorp:manageengine_opmanager:12.3:123012
cpe:/a:zohocorp:manageengine_opmanager:12.3:123013
cpe:/a:zohocorp:manageengine_opmanager:12.3:123014
cpe:/a:zohocorp:manageengine_opmanager:12.3:123015
cpe:/a:zohocorp:manageengine_opmanager:12.3:123021
cpe:/a:zohocorp:manageengine_opmanager:12.3:123022
cpe:/a:zohocorp:manageengine_opmanager:12.3:123023
cpe:/a:zohocorp:manageengine_opmanager:12.3:123024
cpe:/a:zohocorp:manageengine_opmanager:12.3:123025
cpe:/a:zohocorp:manageengine_opmanager:12.3:123026
cpe:/a:zohocorp:manageengine_opmanager:12.3:123027
cpe:/a:zohocorp:manageengine_opmanager:12.3:123028
cpe:/a:zohocorp:manageengine_opmanager:12.3:123029
cpe:/a:zohocorp:manageengine_opmanager:12.3:123030
cpe:/a:zohocorp:manageengine_opmanager:12.3:123031
cpe:/a:zohocorp:manageengine_opmanager:12.3:123032
cpe:/a:zohocorp:manageengine_opmanager:12.3:123033
cpe:/a:zohocorp:manageengine_opmanager:12.3:123034
cpe:/a:zohocorp:manageengine_opmanager:12.3:123035
cpe:/a:zohocorp:manageengine_opmanager:12.3:123036
cpe:/a:zohocorp:manageengine_opmanager:12.3:123037
cpe:/a:zohocorp:manageengine_opmanager:12.3:123043
cpe:/a:zohocorp:manageengine_opmanager:12.3:123044
cpe:/a:zohocorp:manageengine_opmanager:12.3:123045
cpe:/a:zohocorp:manageengine_opmanager:12.3:123046
cpe:/a:zohocorp:manageengine_opmanager:12.3:123047
cpe:/a:zohocorp:manageengine_opmanager:12.3:123048
cpe:/a:zohocorp:manageengine_opmanager:12.3:123049
cpe:/a:zohocorp:manageengine_opmanager:12.3:123050
cpe:/a:zohocorp:manageengine_opmanager:12.3:123051
cpe:/a:zohocorp:manageengine_opmanager:12.3:123052
cpe:/a:zohocorp:manageengine_opmanager:12.3:123053
cpe:/a:zohocorp:manageengine_opmanager:12.3:123054
cpe:/a:zohocorp:manageengine_opmanager:12.3:123055
cpe:/a:zohocorp:manageengine_opmanager:12.3:123056
cpe:/a:zohocorp:manageengine_opmanager:12.3:123057
cpe:/a:zohocorp:manageengine_opmanager:12.3:123062
cpe:/a:zohocorp:manageengine_opmanager:12.3:123063
cpe:/a:zohocorp:manageengine_opmanager:12.3:123064
cpe:/a:zohocorp:manageengine_opmanager:12.3:123065
cpe:/a:zohocorp:manageengine_opmanager:12.3:123066
cpe:/a:zohocorp:manageengine_opmanager:12.3:123067
cpe:/a:zohocorp:manageengine_opmanager:12.3:123068
cpe:/a:zohocorp:manageengine_opmanager:12.3:123069
cpe:/a:zohocorp:manageengine_opmanager:12.3:123070
cpe:/a:zohocorp:manageengine_opmanager:12.3:123076
cpe:/a:zohocorp:manageengine_opmanager:12.3:123077
cpe:/a:zohocorp:manageengine_opmanager:12.3:123078
cpe:/a:zohocorp:manageengine_opmanager:12.3:123079
cpe:/a:zohocorp:manageengine_opmanager:12.3:123080
cpe:/a:zohocorp:manageengine_opmanager:12.3:123081
cpe:/a:zohocorp:manageengine_opmanager:12.3:123082
cpe:/a:zohocorp:manageengine_opmanager:12.3:123083
cpe:/a:zohocorp:manageengine_opmanager:12.3:123084
cpe:/a:zohocorp:manageengine_opmanager:12.3:123086
cpe:/a:zohocorp:manageengine_opmanager:12.3:123090
cpe:/a:zohocorp:manageengine_opmanager:12.3:123091
cpe:/a:zohocorp:manageengine_opmanager:12.3:123092
cpe:/a:zohocorp:manageengine_opmanager:12.3:123093
cpe:/a:zohocorp:manageengine_opmanager:12.3:123104
cpe:/a:zohocorp:manageengine_opmanager:12.3:123105
cpe:/a:zohocorp:manageengine_opmanager:12.3:123106
cpe:/a:zohocorp:manageengine_opmanager:12.3:123107
cpe:/a:zohocorp:manageengine_opmanager:12.3:123108
cpe:/a:zohocorp:manageengine_opmanager:12.3:123109
cpe:/a:zohocorp:manageengine_opmanager:12.3:123110
cpe:/a:zohocorp:manageengine_opmanager:12.3:123111
cpe:/a:zohocorp:manageengine_opmanager:12.3:123112
cpe:/a:zohocorp:manageengine_opmanager:12.3:123113
cpe:/a:zohocorp:manageengine_opmanager:12.3:123114
cpe:/a:zohocorp:manageengine_opmanager:12.3:123115
cpe:/a:zohocorp:manageengine_opmanager:12.3:123116
cpe:/a:zohocorp:manageengine_opmanager:12.3:123117
cpe:/a:zohocorp:manageengine_opmanager:12.3:123118
cpe:/a:zohocorp:manageengine_opmanager:12.3:123119
cpe:/a:zohocorp:manageengine_opmanager:12.3:123120
cpe:/a:zohocorp:manageengine_opmanager:12.3:123121
cpe:/a:zohocorp:manageengine_opmanager:12.3:123122
cpe:/a:zohocorp:manageengine_opmanager:12.3:123123
cpe:/a:zohocorp:manageengine_opmanager:12.3:123124
cpe:/a:zohocorp:manageengine_opmanager:12.3:123125
cpe:/a:zohocorp:manageengine_opmanager:12.3:123126
cpe:/a:zohocorp:manageengine_opmanager:12.3:123127
cpe:/a:zohocorp:manageengine_opmanager:12.3:123136
cpe:/a:zohocorp:manageengine_opmanager:12.3:123137
cpe:/a:zohocorp:manageengine_opmanager:12.3:123147
cpe:/a:zohocorp:manageengine_opmanager:12.3:123148
cpe:/a:zohocorp:manageengine_opmanager:12.3:123149
cpe:/a:zohocorp:manageengine_opmanager:12.3:123150
Showing 100 of 152 CPEs.


Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2018-20339
NVD Published Date: 12/21/2018
NVD Last Modified: 01/04/2019