CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Published: Jan 8, 2024
Updated: Jan 13, 2024
CVE: CVE-2023-47211
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	-	12.7
zohocorp / manageengine_opmanager	12.7-build127000	12.7-build127000.x
zohocorp / manageengine_opmanager	12.7-build127100	12.7-build127100.x
zohocorp / manageengine_opmanager	12.7-build127242	12.7-build127242.x
zohocorp / manageengine_opmanager	12.7-build127241	12.7-build127241.x
zohocorp / manageengine_opmanager	12.7-build127240	12.7-build127240.x
zohocorp / manageengine_opmanager	12.7-build127191	12.7-build127191.x
zohocorp / manageengine_opmanager	12.7-build127189	12.7-build127189.x
zohocorp / manageengine_opmanager	12.7-build127188	12.7-build127188.x
zohocorp / manageengine_opmanager	12.7-build127187	12.7-build127187.x
zohocorp / manageengine_opmanager	12.7-build127186	12.7-build127186.x
zohocorp / manageengine_opmanager	12.7-build127185	12.7-build127185.x
zohocorp / manageengine_opmanager	12.7-build127141	12.7-build127141.x
zohocorp / manageengine_opmanager	12.7-build127140	12.7-build127140.x
zohocorp / manageengine_opmanager	12.7-build127138	12.7-build127138.x
zohocorp / manageengine_opmanager	12.7-build127136	12.7-build127136.x
zohocorp / manageengine_opmanager	12.7-build127134	12.7-build127134.x
zohocorp / manageengine_opmanager	12.7-build127133	12.7-build127133.x
zohocorp / manageengine_opmanager	12.7-build127131	12.7-build127131.x
zohocorp / manageengine_opmanager	12.7-build127123	12.7-build127123.x
zohocorp / manageengine_opmanager	12.7-build127122	12.7-build127122.x
zohocorp / manageengine_opmanager	12.7-build127120	12.7-build127120.x
zohocorp / manageengine_opmanager	12.7-build127119	12.7-build127119.x
zohocorp / manageengine_opmanager	12.7-build127118	12.7-build127118.x
zohocorp / manageengine_opmanager	12.7-build127117	12.7-build127117.x
zohocorp / manageengine_opmanager	12.7-build127116	12.7-build127116.x
zohocorp / manageengine_opmanager	12.7-build127109	12.7-build127109.x
zohocorp / manageengine_opmanager	12.7-build127104	12.7-build127104.x
zohocorp / manageengine_opmanager	12.7-build127103	12.7-build127103.x
zohocorp / manageengine_opmanager	12.7-build127102	12.7-build127102.x
zohocorp / manageengine_opmanager	12.7-build127101	12.7-build127101.x
zohocorp / manageengine_opmanager	12.7-build127004	12.7-build127004.x
zohocorp / manageengine_opmanager	12.7-build127003	12.7-build127003.x
zohocorp / manageengine_opmanager	12.7-build127002	12.7-build127002.x
zohocorp / manageengine_opmanager	12.7-build127001	12.7-build127001.x
zohocorp / manageengine_oputils	-	12.7
zohocorp / manageengine_oputils	12.7-build127242	12.7-build127242.x
zohocorp / manageengine_oputils	12.7-build127241	12.7-build127241.x
zohocorp / manageengine_oputils	12.7-build127134	12.7-build127134.x
zohocorp / manageengine_oputils	12.7-build127117	12.7-build127117.x
zohocorp / manageengine_oputils	12.7-build127101	12.7-build127101.x
zohocorp / manageengine_firewall_analyzer	12.7-build127000	12.7-build127000.x
zohocorp / manageengine_firewall_analyzer	12.7-build127101	12.7-build127101.x
zohocorp / manageengine_firewall_analyzer	12.7-build127130	12.7-build127130.x
zohocorp / manageengine_firewall_analyzer	12.7-build127131	12.7-build127131.x
zohocorp / manageengine_firewall_analyzer	12.7-build127187	12.7-build127187.x
zohocorp / manageengine_firewall_analyzer	-	12.7
zohocorp / manageengine_netflow_analyzer	12.7-build127257	12.7-build127257.x
zohocorp / manageengine_netflow_analyzer	12.7-build127255	12.7-build127255.x
zohocorp / manageengine_netflow_analyzer	12.7-build127244	12.7-build127244.x
zohocorp / manageengine_netflow_analyzer	12.7-build127187	12.7-build127187.x
zohocorp / manageengine_netflow_analyzer	12.7-build127131	12.7-build127131.x
zohocorp / manageengine_netflow_analyzer	12.7-build127130	12.7-build127130.x
zohocorp / manageengine_netflow_analyzer	12.7-build127101	12.7-build127101.x
zohocorp / manageengine_netflow_analyzer	12.7-build127003	12.7-build127003.x
zohocorp / manageengine_netflow_analyzer	12.7-build127000	12.7-build127000.x
zohocorp / manageengine_netflow_analyzer	-	12.7
zohocorp / manageengine_network_configuration_manager	12.7-build127000	12.7-build127000.x
zohocorp / manageengine_network_configuration_manager	12.7-build127102	12.7-build127102.x
zohocorp / manageengine_network_configuration_manager	12.7-build127105	12.7-build127105.x
zohocorp / manageengine_network_configuration_manager	12.7-build127132	12.7-build127132.x
zohocorp / manageengine_network_configuration_manager	-	12.7
zohocorp / manageengine_oputils	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_oputils	12.7-build127258	12.7-build127258.x
zohocorp / manageengine_firewall_analyzer	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_firewall_analyzer	12.7-build127244	12.7-build127244.x
zohocorp / manageengine_firewall_analyzer	12.7-build127257	12.7-build127257.x
zohocorp / manageengine_netflow_analyzer	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_network_configuration_manager	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_network_configuration_manager	12.7-build127243	12.7-build127243.x
zohocorp / manageengine_network_configuration_manager	12.7-build127257	12.7-build127257.x
zohocorp / manageengine_opmanager_msp	12.7-build127122	12.7-build127122.x
zohocorp / manageengine_opmanager_msp	12.7-build127123	12.7-build127123.x
zohocorp / manageengine_opmanager_msp	12.7-build127138	12.7-build127138.x
zohocorp / manageengine_opmanager_msp	12.7-build127139	12.7-build127139.x
zohocorp / manageengine_opmanager_msp	12.7-build127140	12.7-build127140.x
zohocorp / manageengine_opmanager_msp	12.7-build127141	12.7-build127141.x
zohocorp / manageengine_opmanager_msp	12.7-build127142	12.7-build127142.x
zohocorp / manageengine_opmanager_msp	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_opmanager_msp	12.7-build127109	12.7-build127109.x
zohocorp / manageengine_opmanager_msp	-	12.7
zohocorp / manageengine_opmanager_plus	12.7-build127122	12.7-build127122.x
zohocorp / manageengine_opmanager_plus	12.7-build127123	12.7-build127123.x
zohocorp / manageengine_opmanager_plus	12.7-build127138	12.7-build127138.x
zohocorp / manageengine_opmanager_plus	12.7-build127139	12.7-build127139.x
zohocorp / manageengine_opmanager_plus	12.7-build127140	12.7-build127140.x
zohocorp / manageengine_opmanager_plus	12.7-build127141	12.7-build127141.x
zohocorp / manageengine_opmanager_plus	12.7-build127142	12.7-build127142.x
zohocorp / manageengine_opmanager_plus	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_opmanager_plus	12.7-build127109	12.7-build127109.x
zohocorp / manageengine_opmanager_plus	-	12.7
zohocorp / manageengine_opmanager	12.7-build127259	12.7-build127259.x
zohocorp / manageengine_opmanager	12.7-build127243	12.7-build127243.x
zohocorp / manageengine_opmanager	12.7-build127255	12.7-build127255.x
zohocorp / manageengine_opmanager	12.7-build127256	12.7-build127256.x
zohocorp / manageengine_opmanager	12.7-build127257	12.7-build127257.x
zohocorp / manageengine_opmanager	12.7-build127258	12.7-build127258.x

Vulnerability Database

289,784

CVE-2023-47211