ГлавнаяУязвимости → CVE-2023-47211
9.1критическая

CVE-2023-47211

→ есть в БДУ: BDU:2024-01516 (на русском)
Описание (на английском; русское — в БДУ выше)

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Затрагиваемое ПО
Zohocorp Manageengine firewall analyzerZohocorp Manageengine netflow analyzerZohocorp Manageengine network configuration managerZohocorp Manageengine opmanagerZohocorp Manageengine opmanager mspZohocorp Manageengine opmanager plusZohocorp Manageengine oputils
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Источники
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851https://www.manageengine.com/itom/advisory/cve-2023-47211.htmlhttps://talosintelligence.com/vulnerability_reports/TALOS-2023-1851https://www.manageengine.com/itom/advisory/cve-2023-47211.htmlhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1851