9.1
CVE-2023-47211
- EPSS 84.43%
- Published 08.01.2024 15:15:25
- Last modified 21.11.2024 08:29:57
- Source talos-cna@cisco.com
- Teams watchlist Login
- Open Login
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Firewall Analyzer Version < 12.7
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127000
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127101
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127130
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127131
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127187
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127244
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127257
Zohocorp ≫ Manageengine Firewall Analyzer Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Netflow Analyzer Version < 12.7
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127000
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127003
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127101
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127130
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127131
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127187
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127244
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127255
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127257
Zohocorp ≫ Manageengine Netflow Analyzer Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Network Configuration Manager Version < 12.7
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127000
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127102
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127105
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127132
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127243
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127257
Zohocorp ≫ Manageengine Network Configuration Manager Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Opmanager Version < 12.7
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127000
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127001
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127002
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127003
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127004
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127100
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127101
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127102
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127103
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127104
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127109
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127116
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127117
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127118
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127119
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127120
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127122
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127123
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127131
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127133
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127134
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127136
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127138
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127140
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127141
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127185
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127186
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127187
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127188
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127189
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127191
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127240
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127241
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127242
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127243
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127255
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127256
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127257
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127258
Zohocorp ≫ Manageengine Opmanager Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Opmanager Msp Version < 12.7
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127109
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127122
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127123
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127138
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127139
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127140
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127141
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127142
Zohocorp ≫ Manageengine Opmanager Msp Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Opmanager Plus Version < 12.7
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127109
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127122
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127123
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127138
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127139
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127140
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127141
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127142
Zohocorp ≫ Manageengine Opmanager Plus Version12.7 Updatebuild127259
Zohocorp ≫ Manageengine Oputils Version < 12.7
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127101
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127117
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127134
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127241
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127242
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127258
Zohocorp ≫ Manageengine Oputils Version12.7 Updatebuild127259
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 84.43% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
| talos-cna@cisco.com | 9.1 | 3.1 | 5.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.