ManageEngine OpManager Directory Traversal Vulnerability
CVE-2023-47211

9.1CRITICAL

Key Information:

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 8 January 2024

🔔 Create Manageengine Vulnerability Alert

What is CVE-2023-47211?

A directory traversal vulnerability has been identified in the uploadMib functionality of ManageEngine OpManager, version 12.7.258. Attackers can exploit this vulnerability by sending specially crafted HTTP requests with malicious MiB files. This could lead to arbitrary file creation on the server, which may compromise the integrity and confidentiality of the system. Organizations using the affected version are urged to apply necessary patches and security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

OpManager 12.7.258

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.manageengine.com/itom/advisory/cve-2023-47211...

EPSS Score

84% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024