CWE-22

CVE-2023-47211: Path Traversal

First published: Mon Jan 08 2024

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MIB file to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected Software | Affected Version
ManageEngine Firewall Analyzer | <12.7
ManageEngine Firewall Analyzer | =12.7-build127000
ManageEngine Firewall Analyzer | =12.7-build127101
ManageEngine Firewall Analyzer | =12.7-build127130
ManageEngine Firewall Analyzer | =12.7-build127131
ManageEngine Firewall Analyzer | =12.7-build127187
ManageEngine Firewall Analyzer | =12.7-build127244
ManageEngine Firewall Analyzer | =12.7-build127257
ManageEngine Firewall Analyzer | =12.7-build127259
Zoho ManageEngine NetFlow Analyzer | <12.7
Zoho ManageEngine NetFlow Analyzer | =12.7-build127000
Zoho ManageEngine NetFlow Analyzer | =12.7-build127003
Zoho ManageEngine NetFlow Analyzer | =12.7-build127101
Zoho ManageEngine NetFlow Analyzer | =12.7-build127130
Zoho ManageEngine NetFlow Analyzer | =12.7-build127131
Zoho ManageEngine NetFlow Analyzer | =12.7-build127187
Zoho ManageEngine NetFlow Analyzer | =12.7-build127244
Zoho ManageEngine NetFlow Analyzer | =12.7-build127255
Zoho ManageEngine NetFlow Analyzer | =12.7-build127257
Zoho ManageEngine NetFlow Analyzer | =12.7-build127259
ManageEngine Network Configuration Manager | <12.7
ManageEngine Network Configuration Manager | =12.7-build127000
ManageEngine Network Configuration Manager | =12.7-build127102
ManageEngine Network Configuration Manager | =12.7-build127105
ManageEngine Network Configuration Manager | =12.7-build127132
ManageEngine Network Configuration Manager | =12.7-build127243
ManageEngine Network Configuration Manager | =12.7-build127257
ManageEngine Network Configuration Manager | =12.7-build127259
ManageEngine OpManager MSP | <12.7
ManageEngine OpManager MSP | =12.7-build127000
ManageEngine OpManager MSP | =12.7-build127001
ManageEngine OpManager MSP | =12.7-build127002
ManageEngine OpManager MSP | =12.7-build127003
ManageEngine OpManager MSP | =12.7-build127004
ManageEngine OpManager MSP | =12.7-build127100
ManageEngine OpManager MSP | =12.7-build127101
ManageEngine OpManager MSP | =12.7-build127102
ManageEngine OpManager MSP | =12.7-build127103
ManageEngine OpManager MSP | =12.7-build127104
ManageEngine OpManager MSP | =12.7-build127109
ManageEngine OpManager MSP | =12.7-build127116
ManageEngine OpManager MSP | =12.7-build127117
ManageEngine OpManager MSP | =12.7-build127118
ManageEngine OpManager MSP | =12.7-build127119
ManageEngine OpManager MSP | =12.7-build127120
ManageEngine OpManager MSP | =12.7-build127122
ManageEngine OpManager MSP | =12.7-build127123
ManageEngine OpManager MSP | =12.7-build127131
ManageEngine OpManager MSP | =12.7-build127133
ManageEngine OpManager MSP | =12.7-build127134
ManageEngine OpManager MSP | =12.7-build127136
ManageEngine OpManager MSP | =12.7-build127138
ManageEngine OpManager MSP | =12.7-build127140
ManageEngine OpManager MSP | =12.7-build127141
ManageEngine OpManager MSP | =12.7-build127185
ManageEngine OpManager MSP | =12.7-build127186
ManageEngine OpManager MSP | =12.7-build127187
ManageEngine OpManager MSP | =12.7-build127188
ManageEngine OpManager MSP | =12.7-build127189
ManageEngine OpManager MSP | =12.7-build127191
ManageEngine OpManager MSP | =12.7-build127240
ManageEngine OpManager MSP | =12.7-build127241
ManageEngine OpManager MSP | =12.7-build127242
ManageEngine OpManager MSP | =12.7-build127243
ManageEngine OpManager MSP | =12.7-build127255
ManageEngine OpManager MSP | =12.7-build127256
ManageEngine OpManager MSP | =12.7-build127257
ManageEngine OpManager MSP | =12.7-build127258
ManageEngine OpManager MSP | =12.7-build127259
ManageEngine OpManager MSP | <12.7
ManageEngine OpManager MSP | =12.7-build127109
ManageEngine OpManager MSP | =12.7-build127122
ManageEngine OpManager MSP | =12.7-build127123
ManageEngine OpManager MSP | =12.7-build127138
ManageEngine OpManager MSP | =12.7-build127139
ManageEngine OpManager MSP | =12.7-build127140
ManageEngine OpManager MSP | =12.7-build127141
ManageEngine OpManager MSP | =12.7-build127142
ManageEngine OpManager MSP | =12.7-build127259
ManageEngine OpManager Plus | <12.7
ManageEngine OpManager Plus | =12.7-build127109
ManageEngine OpManager Plus | =12.7-build127122
ManageEngine OpManager Plus | =12.7-build127123
ManageEngine OpManager Plus | =12.7-build127138
ManageEngine OpManager Plus | =12.7-build127139
ManageEngine OpManager Plus | =12.7-build127140
ManageEngine OpManager Plus | =12.7-build127141
ManageEngine OpManager Plus | =12.7-build127142
ManageEngine OpManager Plus | =12.7-build127259
ManageEngine OpUtils | <12.7
ManageEngine OpUtils | =12.7-build127101
ManageEngine OpUtils | =12.7-build127117
ManageEngine OpUtils | =12.7-build127134
ManageEngine OpUtils | =12.7-build127241
ManageEngine OpUtils | =12.7-build127242
ManageEngine OpUtils | =12.7-build127258
ManageEngine OpUtils | =12.7-build127259

Frequently Asked Questions

  • What is the severity of CVE-2023-47211?

    CVE-2023-47211 has been identified as a high severity vulnerability due to its potential for arbitrary file creation.

  • How do I fix CVE-2023-47211?

    To fix CVE-2023-47211, you should update to the latest patched version of ManageEngine OpManager.

  • What impact can CVE-2023-47211 have on my system?

    CVE-2023-47211 can lead to unauthorized file creation, potentially compromising system integrity and security.

  • Which versions of ManageEngine are affected by CVE-2023-47211?

    CVE-2023-47211 affects ManageEngine OpManager versions prior to 12.7.259.

  • What type of attack can exploit CVE-2023-47211?

    CVE-2023-47211 can be exploited through a specially crafted HTTP request that targets the uploadMib functionality.
