A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851 | Exploit Third Party Advisory |
https://www.manageengine.com/itom/advisory/cve-2023-47211.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Jan 2024, 18:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127141:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127109:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127244:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127142:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127139:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127257:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127257:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127256:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127139:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127122:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127258:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127258:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127138:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127122:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127109:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127138:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127255:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127142:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127243:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127244:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127257:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127243:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127255:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127141:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127259:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127257:*:*:*:*:*:* |
|
References | () https://www.manageengine.com/itom/advisory/cve-2023-47211.html - Vendor Advisory | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851 - Exploit, Third Party Advisory | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
First Time |
Zohocorp manageengine Opmanager Msp
Zohocorp manageengine Opmanager Plus Zohocorp manageengine Opmanager Zohocorp manageengine Firewall Analyzer Zohocorp Zohocorp manageengine Oputils Zohocorp manageengine Netflow Analyzer Zohocorp manageengine Network Configuration Manager |
08 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-08 15:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-47211
Mitre link : CVE-2023-47211
CVE.ORG link : CVE-2023-47211
JSON object : View
Products Affected
zohocorp
- manageengine_firewall_analyzer
- manageengine_opmanager
- manageengine_netflow_analyzer
- manageengine_opmanager_plus
- manageengine_opmanager_msp
- manageengine_network_configuration_manager
- manageengine_oputils
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')