Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-47211Path Traversal in Manageengine Firewall Analyzer

CWE-22Path Traversal7 documents5 sources
Severity
8.6HIGHNVD
CNA9.1
EPSS
76.1%
top 1.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Zohocorp Manageengine Firewall AnalyzerZohocorp Manageengine Netflow AnalyzerZohocorp Manageengine Network Configuration Manager+5 more
Timeline
PublishedJan 8
Latest updateJun 4

Description

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages8 packages

CVEListV5manageengine/opmanager12.7.258

🔴Vulnerability Details

5
OSV
linux, linux-aws, linux-kvm vulnerabilities2025-06-04
OSV
linux-aws, linux-lts-xenial vulnerabilities2025-06-04
OSV
linux-fips vulnerabilities2025-06-04
CVEList
CVE-2023-47211: A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 122024-01-08
GHSA
GHSA-85h3-wq5q-6x6j: A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 122024-01-08

💥Exploits & PoCs

1
Nuclei
ManageEngine OpManager - Directory Traversal
CVE-2023-47211 — Path Traversal | cvebase