Lucene search

TalosCVE-2023-47211

HistoryJan 08, 2024 - 3:15 p.m.

CVE-2023-47211

2024-01-0815:15:25

CWE-22

talos

web.nvd.nist.gov

cve-2023-47211

directory traversal

manageengine opmanager

arbitrary file creation

vulnerability

nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

36.4%

JSON

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Affected configurations

Nvd

Vulners

Node

zohocorpmanageengine_firewall_analyzerRange<12.7

zohocorpmanageengine_firewall_analyzerMatch12.7build127000

zohocorpmanageengine_firewall_analyzerMatch12.7build127101

zohocorpmanageengine_firewall_analyzerMatch12.7build127130

zohocorpmanageengine_firewall_analyzerMatch12.7build127131

zohocorpmanageengine_firewall_analyzerMatch12.7build127187

zohocorpmanageengine_firewall_analyzerMatch12.7build127244

zohocorpmanageengine_firewall_analyzerMatch12.7build127257

zohocorpmanageengine_firewall_analyzerMatch12.7build127259

zohocorpmanageengine_netflow_analyzerRange<12.7

zohocorpmanageengine_netflow_analyzerMatch12.7build127000

zohocorpmanageengine_netflow_analyzerMatch12.7build127003

zohocorpmanageengine_netflow_analyzerMatch12.7build127101

zohocorpmanageengine_netflow_analyzerMatch12.7build127130

zohocorpmanageengine_netflow_analyzerMatch12.7build127131

zohocorpmanageengine_netflow_analyzerMatch12.7build127187

zohocorpmanageengine_netflow_analyzerMatch12.7build127244

zohocorpmanageengine_netflow_analyzerMatch12.7build127255

zohocorpmanageengine_netflow_analyzerMatch12.7build127257

zohocorpmanageengine_netflow_analyzerMatch12.7build127259

zohocorpmanageengine_network_configuration_managerRange<12.7

zohocorpmanageengine_network_configuration_managerMatch12.7build127000

zohocorpmanageengine_network_configuration_managerMatch12.7build127102

zohocorpmanageengine_network_configuration_managerMatch12.7build127105

zohocorpmanageengine_network_configuration_managerMatch12.7build127132

zohocorpmanageengine_network_configuration_managerMatch12.7build127243

zohocorpmanageengine_network_configuration_managerMatch12.7build127257

zohocorpmanageengine_network_configuration_managerMatch12.7build127259

zohocorpmanageengine_opmanagerRange<12.7

zohocorpmanageengine_opmanagerMatch12.7build127000

zohocorpmanageengine_opmanagerMatch12.7build127001

zohocorpmanageengine_opmanagerMatch12.7build127002

zohocorpmanageengine_opmanagerMatch12.7build127003

zohocorpmanageengine_opmanagerMatch12.7build127004

zohocorpmanageengine_opmanagerMatch12.7build127100

zohocorpmanageengine_opmanagerMatch12.7build127101

zohocorpmanageengine_opmanagerMatch12.7build127102

zohocorpmanageengine_opmanagerMatch12.7build127103

zohocorpmanageengine_opmanagerMatch12.7build127104

zohocorpmanageengine_opmanagerMatch12.7build127109

zohocorpmanageengine_opmanagerMatch12.7build127116

zohocorpmanageengine_opmanagerMatch12.7build127117

zohocorpmanageengine_opmanagerMatch12.7build127118

zohocorpmanageengine_opmanagerMatch12.7build127119

zohocorpmanageengine_opmanagerMatch12.7build127120

zohocorpmanageengine_opmanagerMatch12.7build127122

zohocorpmanageengine_opmanagerMatch12.7build127123

zohocorpmanageengine_opmanagerMatch12.7build127131

zohocorpmanageengine_opmanagerMatch12.7build127133

zohocorpmanageengine_opmanagerMatch12.7build127134

zohocorpmanageengine_opmanagerMatch12.7build127136

zohocorpmanageengine_opmanagerMatch12.7build127138

zohocorpmanageengine_opmanagerMatch12.7build127140

zohocorpmanageengine_opmanagerMatch12.7build127141

zohocorpmanageengine_opmanagerMatch12.7build127185

zohocorpmanageengine_opmanagerMatch12.7build127186

zohocorpmanageengine_opmanagerMatch12.7build127187

zohocorpmanageengine_opmanagerMatch12.7build127188

zohocorpmanageengine_opmanagerMatch12.7build127189

zohocorpmanageengine_opmanagerMatch12.7build127191

zohocorpmanageengine_opmanagerMatch12.7build127240

zohocorpmanageengine_opmanagerMatch12.7build127241

zohocorpmanageengine_opmanagerMatch12.7build127242

zohocorpmanageengine_opmanagerMatch12.7build127243

zohocorpmanageengine_opmanagerMatch12.7build127255

zohocorpmanageengine_opmanagerMatch12.7build127256

zohocorpmanageengine_opmanagerMatch12.7build127257

zohocorpmanageengine_opmanagerMatch12.7build127258

zohocorpmanageengine_opmanagerMatch12.7build127259

zohocorpmanageengine_opmanager_mspRange<12.7

zohocorpmanageengine_opmanager_mspMatch12.7build127109

zohocorpmanageengine_opmanager_mspMatch12.7build127122

zohocorpmanageengine_opmanager_mspMatch12.7build127123

zohocorpmanageengine_opmanager_mspMatch12.7build127138

zohocorpmanageengine_opmanager_mspMatch12.7build127139

zohocorpmanageengine_opmanager_mspMatch12.7build127140

zohocorpmanageengine_opmanager_mspMatch12.7build127141

zohocorpmanageengine_opmanager_mspMatch12.7build127142

zohocorpmanageengine_opmanager_mspMatch12.7build127259

zohocorpmanageengine_opmanager_plusRange<12.7

zohocorpmanageengine_opmanager_plusMatch12.7build127109

zohocorpmanageengine_opmanager_plusMatch12.7build127122

zohocorpmanageengine_opmanager_plusMatch12.7build127123

zohocorpmanageengine_opmanager_plusMatch12.7build127138

zohocorpmanageengine_opmanager_plusMatch12.7build127139

zohocorpmanageengine_opmanager_plusMatch12.7build127140

zohocorpmanageengine_opmanager_plusMatch12.7build127141

zohocorpmanageengine_opmanager_plusMatch12.7build127142

zohocorpmanageengine_opmanager_plusMatch12.7build127259

zohocorpmanageengine_oputilsRange<12.7

zohocorpmanageengine_oputilsMatch12.7build127101

zohocorpmanageengine_oputilsMatch12.7build127117

zohocorpmanageengine_oputilsMatch12.7build127134

zohocorpmanageengine_oputilsMatch12.7build127241

zohocorpmanageengine_oputilsMatch12.7build127242

zohocorpmanageengine_oputilsMatch12.7build127258

zohocorpmanageengine_oputilsMatch12.7build127259

VendorProductVersionCPE
zohocorpmanageengine_firewall_analyzer*cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127244:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127257:*:*:*:*:*:*
zohocorpmanageengine_firewall_analyzer12.7cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127259:*:*:*:*:*:*
zohocorpmanageengine_netflow_analyzer*cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_firewall_analyzer	*	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer::::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127244::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127257::::::
zohocorp	manageengine_firewall_analyzer	12.7	cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127259::::::
zohocorp	manageengine_netflow_analyzer	*	cpe:2.3:a:zohocorp:manageengine_netflow_analyzer::::::::

Rows per page:

1-10 of 971

CNA Affected

[
  {
    "vendor": "ManageEngine",
    "product": "OpManager",
    "versions": [
      {
        "version": "12.7.258",
        "status": "affected"
      }
    ]
  }
]