critical
9.1
CWE
22
Advisory Published
Updated

CVE-2023-47211: Path Traversal

First published: Mon Jan 08 2024(Updated: )

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected SoftwareAffected VersionHow to fix
Zohocorp Manageengine Firewall Analyzer<12.7
Zohocorp Manageengine Firewall Analyzer=12.7-build127000
Zohocorp Manageengine Firewall Analyzer=12.7-build127101
Zohocorp Manageengine Firewall Analyzer=12.7-build127130
Zohocorp Manageengine Firewall Analyzer=12.7-build127131
Zohocorp Manageengine Firewall Analyzer=12.7-build127187
Zohocorp Manageengine Firewall Analyzer=12.7-build127244
Zohocorp Manageengine Firewall Analyzer=12.7-build127257
Zohocorp Manageengine Firewall Analyzer=12.7-build127259
Zohocorp Manageengine Netflow Analyzer<12.7
Zohocorp Manageengine Netflow Analyzer=12.7-build127000
Zohocorp Manageengine Netflow Analyzer=12.7-build127003
Zohocorp Manageengine Netflow Analyzer=12.7-build127101
Zohocorp Manageengine Netflow Analyzer=12.7-build127130
Zohocorp Manageengine Netflow Analyzer=12.7-build127131
Zohocorp Manageengine Netflow Analyzer=12.7-build127187
Zohocorp Manageengine Netflow Analyzer=12.7-build127244
Zohocorp Manageengine Netflow Analyzer=12.7-build127255
Zohocorp Manageengine Netflow Analyzer=12.7-build127257
Zohocorp Manageengine Netflow Analyzer=12.7-build127259
Zohocorp Manageengine Network Configuration Manager<12.7
Zohocorp Manageengine Network Configuration Manager=12.7-build127000
Zohocorp Manageengine Network Configuration Manager=12.7-build127102
Zohocorp Manageengine Network Configuration Manager=12.7-build127105
Zohocorp Manageengine Network Configuration Manager=12.7-build127132
Zohocorp Manageengine Network Configuration Manager=12.7-build127243
Zohocorp Manageengine Network Configuration Manager=12.7-build127257
Zohocorp Manageengine Network Configuration Manager=12.7-build127259
Zohocorp Manageengine Opmanager<12.7
Zohocorp Manageengine Opmanager=12.7-build127000
Zohocorp Manageengine Opmanager=12.7-build127001
Zohocorp Manageengine Opmanager=12.7-build127002
Zohocorp Manageengine Opmanager=12.7-build127003
Zohocorp Manageengine Opmanager=12.7-build127004
Zohocorp Manageengine Opmanager=12.7-build127100
Zohocorp Manageengine Opmanager=12.7-build127101
Zohocorp Manageengine Opmanager=12.7-build127102
Zohocorp Manageengine Opmanager=12.7-build127103
Zohocorp Manageengine Opmanager=12.7-build127104
Zohocorp Manageengine Opmanager=12.7-build127109
Zohocorp Manageengine Opmanager=12.7-build127116
Zohocorp Manageengine Opmanager=12.7-build127117
Zohocorp Manageengine Opmanager=12.7-build127118
Zohocorp Manageengine Opmanager=12.7-build127119
Zohocorp Manageengine Opmanager=12.7-build127120
Zohocorp Manageengine Opmanager=12.7-build127122
Zohocorp Manageengine Opmanager=12.7-build127123
Zohocorp Manageengine Opmanager=12.7-build127131
Zohocorp Manageengine Opmanager=12.7-build127133
Zohocorp Manageengine Opmanager=12.7-build127134
Zohocorp Manageengine Opmanager=12.7-build127136
Zohocorp Manageengine Opmanager=12.7-build127138
Zohocorp Manageengine Opmanager=12.7-build127140
Zohocorp Manageengine Opmanager=12.7-build127141
Zohocorp Manageengine Opmanager=12.7-build127185
Zohocorp Manageengine Opmanager=12.7-build127186
Zohocorp Manageengine Opmanager=12.7-build127187
Zohocorp Manageengine Opmanager=12.7-build127188
Zohocorp Manageengine Opmanager=12.7-build127189
Zohocorp Manageengine Opmanager=12.7-build127191
Zohocorp Manageengine Opmanager=12.7-build127240
Zohocorp Manageengine Opmanager=12.7-build127241
Zohocorp Manageengine Opmanager=12.7-build127242
Zohocorp Manageengine Opmanager=12.7-build127243
Zohocorp Manageengine Opmanager=12.7-build127255
Zohocorp Manageengine Opmanager=12.7-build127256
Zohocorp Manageengine Opmanager=12.7-build127257
Zohocorp Manageengine Opmanager=12.7-build127258
Zohocorp Manageengine Opmanager=12.7-build127259
Zohocorp Manageengine Opmanager Msp<12.7
Zohocorp Manageengine Opmanager Msp=12.7-build127109
Zohocorp Manageengine Opmanager Msp=12.7-build127122
Zohocorp Manageengine Opmanager Msp=12.7-build127123
Zohocorp Manageengine Opmanager Msp=12.7-build127138
Zohocorp Manageengine Opmanager Msp=12.7-build127139
Zohocorp Manageengine Opmanager Msp=12.7-build127140
Zohocorp Manageengine Opmanager Msp=12.7-build127141
Zohocorp Manageengine Opmanager Msp=12.7-build127142
Zohocorp Manageengine Opmanager Msp=12.7-build127259
Zohocorp Manageengine Opmanager Plus<12.7
Zohocorp Manageengine Opmanager Plus=12.7-build127109
Zohocorp Manageengine Opmanager Plus=12.7-build127122
Zohocorp Manageengine Opmanager Plus=12.7-build127123
Zohocorp Manageengine Opmanager Plus=12.7-build127138
Zohocorp Manageengine Opmanager Plus=12.7-build127139
Zohocorp Manageengine Opmanager Plus=12.7-build127140
Zohocorp Manageengine Opmanager Plus=12.7-build127141
Zohocorp Manageengine Opmanager Plus=12.7-build127142
Zohocorp Manageengine Opmanager Plus=12.7-build127259
Zohocorp Manageengine Oputils<12.7
Zohocorp Manageengine Oputils=12.7-build127101
Zohocorp Manageengine Oputils=12.7-build127117
Zohocorp Manageengine Oputils=12.7-build127134
Zohocorp Manageengine Oputils=12.7-build127241
Zohocorp Manageengine Oputils=12.7-build127242
Zohocorp Manageengine Oputils=12.7-build127258
Zohocorp Manageengine Oputils=12.7-build127259

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203