Lucene search
HistoryJan 08, 2024 - 3:15 p.m.
CVE-2023-47211
manageengine
opmanager
directory traversal
arbitrary file creation
uploadmib
http request
mib file
vulnerability
cve-2023-47211
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.4%
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Affected configurations
Node
zohocorpmanageengine_firewall_analyzerRange<12.7
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127000
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127101
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127130
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127131
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127187
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127244
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127257
ORzohocorpmanageengine_firewall_analyzerMatch12.7build127259
ORzohocorpmanageengine_netflow_analyzerRange<12.7
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127000
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127003
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127101
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127130
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127131
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127187
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127244
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127255
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127257
ORzohocorpmanageengine_netflow_analyzerMatch12.7build127259
ORzohocorpmanageengine_network_configuration_managerRange<12.7
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127000
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127102
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127105
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127132
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127243
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127257
ORzohocorpmanageengine_network_configuration_managerMatch12.7build127259
ORzohocorpmanageengine_opmanagerRange<12.7
ORzohocorpmanageengine_opmanagerMatch12.7build127000
ORzohocorpmanageengine_opmanagerMatch12.7build127001
ORzohocorpmanageengine_opmanagerMatch12.7build127002
ORzohocorpmanageengine_opmanagerMatch12.7build127003
ORzohocorpmanageengine_opmanagerMatch12.7build127004
ORzohocorpmanageengine_opmanagerMatch12.7build127100
ORzohocorpmanageengine_opmanagerMatch12.7build127101
ORzohocorpmanageengine_opmanagerMatch12.7build127102
ORzohocorpmanageengine_opmanagerMatch12.7build127103
ORzohocorpmanageengine_opmanagerMatch12.7build127104
ORzohocorpmanageengine_opmanagerMatch12.7build127109
ORzohocorpmanageengine_opmanagerMatch12.7build127116
ORzohocorpmanageengine_opmanagerMatch12.7build127117
ORzohocorpmanageengine_opmanagerMatch12.7build127118
ORzohocorpmanageengine_opmanagerMatch12.7build127119
ORzohocorpmanageengine_opmanagerMatch12.7build127120
ORzohocorpmanageengine_opmanagerMatch12.7build127122
ORzohocorpmanageengine_opmanagerMatch12.7build127123
ORzohocorpmanageengine_opmanagerMatch12.7build127131
ORzohocorpmanageengine_opmanagerMatch12.7build127133
ORzohocorpmanageengine_opmanagerMatch12.7build127134
ORzohocorpmanageengine_opmanagerMatch12.7build127136
ORzohocorpmanageengine_opmanagerMatch12.7build127138
ORzohocorpmanageengine_opmanagerMatch12.7build127140
ORzohocorpmanageengine_opmanagerMatch12.7build127141
ORzohocorpmanageengine_opmanagerMatch12.7build127185
ORzohocorpmanageengine_opmanagerMatch12.7build127186
ORzohocorpmanageengine_opmanagerMatch12.7build127187
ORzohocorpmanageengine_opmanagerMatch12.7build127188
ORzohocorpmanageengine_opmanagerMatch12.7build127189
ORzohocorpmanageengine_opmanagerMatch12.7build127191
ORzohocorpmanageengine_opmanagerMatch12.7build127240
ORzohocorpmanageengine_opmanagerMatch12.7build127241
ORzohocorpmanageengine_opmanagerMatch12.7build127242
ORzohocorpmanageengine_opmanagerMatch12.7build127243
ORzohocorpmanageengine_opmanagerMatch12.7build127255
ORzohocorpmanageengine_opmanagerMatch12.7build127256
ORzohocorpmanageengine_opmanagerMatch12.7build127257
ORzohocorpmanageengine_opmanagerMatch12.7build127258
ORzohocorpmanageengine_opmanagerMatch12.7build127259
ORzohocorpmanageengine_opmanager_mspRange<12.7
ORzohocorpmanageengine_opmanager_mspMatch12.7build127109
ORzohocorpmanageengine_opmanager_mspMatch12.7build127122
ORzohocorpmanageengine_opmanager_mspMatch12.7build127123
ORzohocorpmanageengine_opmanager_mspMatch12.7build127138
ORzohocorpmanageengine_opmanager_mspMatch12.7build127139
ORzohocorpmanageengine_opmanager_mspMatch12.7build127140
ORzohocorpmanageengine_opmanager_mspMatch12.7build127141
ORzohocorpmanageengine_opmanager_mspMatch12.7build127142
ORzohocorpmanageengine_opmanager_mspMatch12.7build127259
ORzohocorpmanageengine_opmanager_plusRange<12.7
ORzohocorpmanageengine_opmanager_plusMatch12.7build127109
ORzohocorpmanageengine_opmanager_plusMatch12.7build127122
ORzohocorpmanageengine_opmanager_plusMatch12.7build127123
ORzohocorpmanageengine_opmanager_plusMatch12.7build127138
ORzohocorpmanageengine_opmanager_plusMatch12.7build127139
ORzohocorpmanageengine_opmanager_plusMatch12.7build127140
ORzohocorpmanageengine_opmanager_plusMatch12.7build127141
ORzohocorpmanageengine_opmanager_plusMatch12.7build127142
ORzohocorpmanageengine_opmanager_plusMatch12.7build127259
ORzohocorpmanageengine_oputilsRange<12.7
ORzohocorpmanageengine_oputilsMatch12.7build127101
ORzohocorpmanageengine_oputilsMatch12.7build127117
ORzohocorpmanageengine_oputilsMatch12.7build127134
ORzohocorpmanageengine_oputilsMatch12.7build127241
ORzohocorpmanageengine_oputilsMatch12.7build127242
ORzohocorpmanageengine_oputilsMatch12.7build127258
ORzohocorpmanageengine_oputilsMatch12.7build127259
Related
cve
cve
CVE-2023-47211
2024-01-08 15:15:25
nessus
nessus
ManageEngine OpManager Path Traversal (CVE-2023-47211)
2024-01-12 00:00:00
cvelist
cvelist
CVE-2023-47211
2024-01-08 14:45:37
prion
prion
Directory traversal
2024-01-08 15:15:00
nuclei
nuclei
ManageEngine OpManager - Directory Traversal
2024-01-13 09:35:55
talos
talos
ManageEngine OpManager uploadMib directory traversal vulnerability
2024-01-08 00:00:00
talosblog
talosblog
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.4%
Related for NVD:CVE-2023-47211