CVE-2023-47211
CRITICALDescription
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Is your site exposed to CVE-2023-47211?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_firewall_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_netflow_analyzer |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_network_configuration_manager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_msp |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_opmanager_plus |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
| zohocorp | manageengine_oputils |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2023-47211? +
How severe is CVE-2023-47211? +
What products are affected by CVE-2023-47211? +
How do I check if I'm vulnerable to CVE-2023-47211? +
Related Vulnerabilities
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior …
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml …
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal …
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path …
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file …
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to …