gsd-2023-47211
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-47211",
"id": "GSD-2023-47211"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-47211"
],
"details": "A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.",
"id": "GSD-2023-47211",
"modified": "2023-12-13T01:20:51.469874Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2023-47211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.7.258"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Discovered by Marcin \u0026#39;Icewall\u0026#39; Noga of Cisco Talos."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851"
},
{
"name": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FB7952-0CED-4A64-A435-D588CA661630",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "8343B084-2009-44F2-B36C-C66719BBB1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "2574DD71-36A4-47AE-ABC3-D05D36FF8F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "B9D787C9-F37B-4193-A34F-080F7410BFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "55FB4705-D709-42F0-A562-6C5A05E00EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "4503E624-DC7F-4C5E-B715-0EC4676CA1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127244:*:*:*:*:*:*",
"matchCriteriaId": "BAD9E275-CCBA-4A25-A91D-2CC9D1547B74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127257:*:*:*:*:*:*",
"matchCriteriaId": "F50149D0-8105-49EE-9F0D-CFD67B0F64C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "E0DECCD8-2E8C-4288-8CB5-10C117D83112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9222E54C-0A7C-4828-9917-7CFD7EE8BC59",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "85778DB3-87D9-4C6A-9149-C58C45913268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "3973EC75-A70A-475A-82BB-409992F09392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "14537D55-3ABE-423C-B320-6811292620AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "3E850CF4-9078-4E43-A87C-8323536E8CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "EC407852-45B1-47F4-A886-AF8B473A86D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127244:*:*:*:*:*:*",
"matchCriteriaId": "F528288A-7CC9-436C-9899-E4F343F83BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127255:*:*:*:*:*:*",
"matchCriteriaId": "2C6E7D8F-8EF4-4FEF-BE87-82CFDD22DE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127257:*:*:*:*:*:*",
"matchCriteriaId": "0BC6EA7D-E39F-4FE6-960D-BA6B85F81A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "BE0BFAB9-E3F3-493E-B2D3-FA9BE69C0A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6628EB7-96F6-48E3-8018-8F569972B811",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "B64ADEEB-502D-4588-BD80-156124437AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "2306C5F3-5413-4240-BAB6-E55849063A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*",
"matchCriteriaId": "87F97A9E-2AB3-4121-B5A7-0AA25780D336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*",
"matchCriteriaId": "AD049643-9546-4D39-BD26-79661205C110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127243:*:*:*:*:*:*",
"matchCriteriaId": "EC810ED9-125E-41CA-B0BD-16BBF1726C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127257:*:*:*:*:*:*",
"matchCriteriaId": "97B71808-B280-4BDC-819F-B80156A77CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "F5458B6F-1D90-4563-A783-93480FB628DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A02A7E-02A8-4B74-AA9F-3DA0492748EF",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "24B04D73-0C55-49A8-B599-27C8C04948C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*",
"matchCriteriaId": "97E74846-1666-4773-910D-77E0E19A7FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*",
"matchCriteriaId": "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "423C8618-9F3B-4B83-902C-FF01027EC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*",
"matchCriteriaId": "7E974B56-7A00-4582-AF8B-0D09B94477BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*",
"matchCriteriaId": "7B6F8404-F624-41AA-BE8D-170D843EC290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "D0FF81E5-2134-4F45-9B39-2E3D5208BB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "0D5DA95F-7C0F-4D05-BD35-DED356D01692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*",
"matchCriteriaId": "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*",
"matchCriteriaId": "89EE3E31-8F55-4E44-8522-A32D6887AE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "979ED7B4-FAE3-4E98-A303-290E498FFD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*",
"matchCriteriaId": "EDC62E2F-AB97-4008-A52B-9CDC341A06BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "93DF7023-22AE-4A84-8734-06239013C10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*",
"matchCriteriaId": "2A128BED-75FA-42F1-9171-CBAEAA2366A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*",
"matchCriteriaId": "5298BB50-8E22-490A-87C7-7F40B7F8F7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*",
"matchCriteriaId": "39C34F02-E413-4067-B958-86ADF89FA3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "A0673E69-A2DB-424C-BBF0-79D729230F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "4F062A20-6FFE-479B-9E64-E4771490B041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "C598244E-7483-4762-AC27-BD8036FEFE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*",
"matchCriteriaId": "B188A792-EF1A-4292-BD91-47635706C430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*",
"matchCriteriaId": "DF818138-079A-43BE-A8B5-5DA47FA443AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "27066A8F-75C4-42BF-A54B-543114B92995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "A239C6F8-3FC0-4510-B33F-14B25908E68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "E8399E84-1344-4472-91F3-F63255911876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*",
"matchCriteriaId": "8888C77E-04A7-4C34-B497-504F6217E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*",
"matchCriteriaId": "7502D92A-3B51-4A76-88D6-E2D76A584075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*",
"matchCriteriaId": "DBA622D6-CD85-4F0F-8CC3-39FE29754039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*",
"matchCriteriaId": "A0D2828B-B897-4F1D-B657-436DB3CAC2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*",
"matchCriteriaId": "98279B6E-8361-45CA-8912-F06972F4BD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*",
"matchCriteriaId": "A7D879C8-E89F-45C1-9609-80B737080AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "3D8FD2DE-18D9-4F50-9256-672435059876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "F01FEA58-BE5B-4CEC-831D-3BF05A20688D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127243:*:*:*:*:*:*",
"matchCriteriaId": "FFD06A39-E943-41B5-B00B-168A6D919C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127255:*:*:*:*:*:*",
"matchCriteriaId": "49469309-8B9B-4BF1-B80A-226F975FC47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127256:*:*:*:*:*:*",
"matchCriteriaId": "C429A23E-3DC0-453F-AAF7-F3237C9C6B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127257:*:*:*:*:*:*",
"matchCriteriaId": "1E3B72F3-2128-4AF1-A9A3-969D9738A24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127258:*:*:*:*:*:*",
"matchCriteriaId": "62C3AE7F-3F84-4C59-BBF8-2E82FAFF7E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "A559F75B-FB71-4926-89FC-AC2718F0273C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FB8882-46AE-485B-82B5-67BF22DDC12C",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "265DB862-1B39-4B16-9AD9-D8D8190D08D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "5F476D22-0FA8-4128-833F-2F1E3D15615C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "A627EFBE-A429-42B8-A461-A7E1CDBBF796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "622CDD01-6655-4786-AFB0-C1C2F5D5E0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127139:*:*:*:*:*:*",
"matchCriteriaId": "BDCDF5A9-ACA3-40CE-B163-F8AA7C028A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "5AA4A73B-B9E4-4B69-973E-A2F713037E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "DA91290A-E4E0-412D-B5B7-C220B0F3087B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127142:*:*:*:*:*:*",
"matchCriteriaId": "0DCF4289-B176-4AEA-8860-9C81F15BFFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "1CA0315F-27AE-4A5A-A05A-33A876B9C314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7201B73-EB6C-4233-A8BF-CA5EE2DF6C73",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "5AF53EDA-45A9-424F-937A-44C7FF7299F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "C70F7D66-975A-4341-97E7-E6ED80A9F314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "43D72341-8C61-4D07-BBFE-D611B41A511C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "9BC8DCA0-FFC1-4487-8452-E6ED8A9C5A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127139:*:*:*:*:*:*",
"matchCriteriaId": "5FEDB823-5D06-4C65-9042-D99982395892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "18EF9B8C-F8DD-455E-BE93-80EB83374084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "89575D64-5969-4C11-8AC1-B48CA97A0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127142:*:*:*:*:*:*",
"matchCriteriaId": "E115A1C7-23CF-4E61-BC85-8B0884CE5BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "258C790F-F7FE-4071-BAC2-45AB3D2212FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "162E0203-17E1-427E-A351-33F75E8FE5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "764139C9-FF6A-4BE0-BAF3-52F403C41393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127258:*:*:*:*:*:*",
"matchCriteriaId": "0458F47B-0456-4005-9AB8-8183C3D1EBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127259:*:*:*:*:*:*",
"matchCriteriaId": "266773C9-96A6-4588-A781-AE1C34B247D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de directory traversal en la funcionalidad uploadMib de ManageEngine OpManager 12.7.258. Una solicitud HTTP especialmente manipulada puede dar lugar a la creaci\u00f3n de archivos arbitrarios. Un atacante puede enviar un archivo MiB malicioso para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-47211",
"lastModified": "2024-01-12T18:44:45.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-01-08T15:15:25.287",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…