CVE-2017-11561Unrestricted File Upload in Manageengine Opmanager

CWE-434Unrestricted File Upload3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.8%
top 25.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Opmanager
Timeline
PublishedMay 23
Latest updateMay 24

Description

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-3vch-5776-vg3j: An issue was discovered in ZOHO ManageEngine OpManager 122022-05-24
CVEList
CVE-2017-11561: An issue was discovered in ZOHO ManageEngine OpManager 122019-05-23
CVE-2017-11561 — Unrestricted File Upload | cvebase