CVE-2017-11561

Published: May 23, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

Affected (1)

Products: Zohocorp: Manageengine Opmanager

Zohocorp

1 product

Manageengine Opmanager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Opmanager	Version 12.2

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://manageengine.com

Source: cve@mitre.org

Vendor Advisory

http://opmanager.com

Source: cve@mitre.org

Product

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736

Source: cve@mitre.org

ExploitThird Party Advisory

http://manageengine.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://opmanager.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.