← Back

CVE-2023-47211

nvd nistnuclei
Published: Jan 8, 2024Modified: Nov 4, 2025

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Affected (97)

Zohocorp
7 products
Manageengine Firewall Analyzer
Manageengine Netflow Analyzer
Manageengine Network Configuration Manager
Manageengine Opmanager
Manageengine Opmanager Msp
Manageengine Opmanager Plus
Manageengine Oputils
Configuration A
97 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Firewall Analyzer
Before 12.7
Manageengine Firewall Analyzer
Version 12.7 build127000
Manageengine Firewall Analyzer
Version 12.7 build127101
Manageengine Firewall Analyzer
Version 12.7 build127130
Manageengine Firewall Analyzer
Version 12.7 build127131
Manageengine Firewall Analyzer
Version 12.7 build127187
Manageengine Firewall Analyzer
Version 12.7 build127244
Manageengine Firewall Analyzer
Version 12.7 build127257
Manageengine Firewall Analyzer
Version 12.7 build127259
Zohocorp
Manageengine Netflow Analyzer
Before 12.7
Manageengine Netflow Analyzer
Version 12.7 build127000
Manageengine Netflow Analyzer
Version 12.7 build127003
Manageengine Netflow Analyzer
Version 12.7 build127101
Manageengine Netflow Analyzer
Version 12.7 build127130
Manageengine Netflow Analyzer
Version 12.7 build127131
Manageengine Netflow Analyzer
Version 12.7 build127187
Manageengine Netflow Analyzer
Version 12.7 build127244
Manageengine Netflow Analyzer
Version 12.7 build127255
Manageengine Netflow Analyzer
Version 12.7 build127257
Manageengine Netflow Analyzer
Version 12.7 build127259
Zohocorp
Manageengine Network Configuration Manager
Before 12.7
Manageengine Network Configuration Manager
Version 12.7 build127000
Manageengine Network Configuration Manager
Version 12.7 build127102
Manageengine Network Configuration Manager
Version 12.7 build127105
Manageengine Network Configuration Manager
Version 12.7 build127132
Manageengine Network Configuration Manager
Version 12.7 build127243
Manageengine Network Configuration Manager
Version 12.7 build127257
Manageengine Network Configuration Manager
Version 12.7 build127259
Zohocorp
Manageengine Opmanager
Before 12.7
Manageengine Opmanager
Version 12.7 build127000
Manageengine Opmanager
Version 12.7 build127001
Manageengine Opmanager
Version 12.7 build127002
Manageengine Opmanager
Version 12.7 build127003
Manageengine Opmanager
Version 12.7 build127004
Manageengine Opmanager
Version 12.7 build127100
Manageengine Opmanager
Version 12.7 build127101
Manageengine Opmanager
Version 12.7 build127102
Manageengine Opmanager
Version 12.7 build127103
Manageengine Opmanager
Version 12.7 build127104
Manageengine Opmanager
Version 12.7 build127109
Manageengine Opmanager
Version 12.7 build127116
Manageengine Opmanager
Version 12.7 build127117
Manageengine Opmanager
Version 12.7 build127118
Manageengine Opmanager
Version 12.7 build127119
Manageengine Opmanager
Version 12.7 build127120
Manageengine Opmanager
Version 12.7 build127122
Manageengine Opmanager
Version 12.7 build127123
Manageengine Opmanager
Version 12.7 build127131
Manageengine Opmanager
Version 12.7 build127133
Manageengine Opmanager
Version 12.7 build127134
Manageengine Opmanager
Version 12.7 build127136
Manageengine Opmanager
Version 12.7 build127138
Manageengine Opmanager
Version 12.7 build127140
Manageengine Opmanager
Version 12.7 build127141
Manageengine Opmanager
Version 12.7 build127185
Manageengine Opmanager
Version 12.7 build127186
Manageengine Opmanager
Version 12.7 build127187
Manageengine Opmanager
Version 12.7 build127188
Manageengine Opmanager
Version 12.7 build127189
Manageengine Opmanager
Version 12.7 build127191
Manageengine Opmanager
Version 12.7 build127240
Manageengine Opmanager
Version 12.7 build127241
Manageengine Opmanager
Version 12.7 build127242
Manageengine Opmanager
Version 12.7 build127243
Manageengine Opmanager
Version 12.7 build127255
Manageengine Opmanager
Version 12.7 build127256
Manageengine Opmanager
Version 12.7 build127257
Manageengine Opmanager
Version 12.7 build127258
Manageengine Opmanager
Version 12.7 build127259
Zohocorp
Manageengine Opmanager Msp
Before 12.7
Manageengine Opmanager Msp
Version 12.7 build127109
Manageengine Opmanager Msp
Version 12.7 build127122
Manageengine Opmanager Msp
Version 12.7 build127123
Manageengine Opmanager Msp
Version 12.7 build127138
Manageengine Opmanager Msp
Version 12.7 build127139
Manageengine Opmanager Msp
Version 12.7 build127140
Manageengine Opmanager Msp
Version 12.7 build127141
Manageengine Opmanager Msp
Version 12.7 build127142
Manageengine Opmanager Msp
Version 12.7 build127259
Zohocorp
Manageengine Opmanager Plus
Before 12.7
Manageengine Opmanager Plus
Version 12.7 build127109
Manageengine Opmanager Plus
Version 12.7 build127122
Manageengine Opmanager Plus
Version 12.7 build127123
Manageengine Opmanager Plus
Version 12.7 build127138
Manageengine Opmanager Plus
Version 12.7 build127139
Manageengine Opmanager Plus
Version 12.7 build127140
Manageengine Opmanager Plus
Version 12.7 build127141
Manageengine Opmanager Plus
Version 12.7 build127142
Manageengine Opmanager Plus
Version 12.7 build127259
Zohocorp
Manageengine Oputils
Before 12.7
Manageengine Oputils
Version 12.7 build127101
Manageengine Oputils
Version 12.7 build127117
Manageengine Oputils
Version 12.7 build127134
Manageengine Oputils
Version 12.7 build127241
Manageengine Oputils
Version 12.7 build127242
Manageengine Oputils
Version 12.7 build127258
Manageengine Oputils
Version 12.7 build127259

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (5)

Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: talos-cna@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.