Directory traversal

2024-01-0815:15:00

PRIOn knowledge base

www.prio-n.com

directory traversal

vulnerability

manageengine opmanager

arbitrary file creation

crafted http request

nvd

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.4%

JSON

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

CPENameOperatorVersion
manageengine_firewall_analyzereq12.7 build127000
manageengine_firewall_analyzereq12.7 build127101
manageengine_firewall_analyzereq12.7 build127130
manageengine_firewall_analyzereq12.7 build127131
manageengine_firewall_analyzereq12.7 build127187
manageengine_firewall_analyzerlt12.7
manageengine_firewall_analyzereq12.7 build127259
manageengine_firewall_analyzereq12.7 build127244
manageengine_firewall_analyzereq12.7 build127257
manageengine_netflow_analyzereq12.7 build127257

Name	Operator	Version
manageengine_firewall_analyzer	eq	12.7 build127000
manageengine_firewall_analyzer	eq	12.7 build127101
manageengine_firewall_analyzer	eq	12.7 build127130
manageengine_firewall_analyzer	eq	12.7 build127131
manageengine_firewall_analyzer	eq	12.7 build127187
manageengine_firewall_analyzer	lt	12.7
manageengine_firewall_analyzer	eq	12.7 build127259
manageengine_firewall_analyzer	eq	12.7 build127244
manageengine_firewall_analyzer	eq	12.7 build127257
manageengine_netflow_analyzer	eq	12.7 build127257