Path traversal vulnerability - CVE-2023-47211

Severity: High

CVE ID: CVE-2023-47211

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
NetFlow Analyzer
OpUtils
From version 127249 to 127259 127260 & above 11-12-2023
From version 127244 to 127247 127248 04-01-2024
Below version 127192 127193 to 127243 04-01-2024

Details:

Previously, path traversal vulnerability was detected for MIB browser.

This issue has now been fixed by implementing path sanitization, ensuring a new MIB is stored exclusively under the "OpManager/mibs" directory.

Impact:

The identified vulnerability enables authenticated users who have access to MIB Browser functionality to manipulate the file path or location of the uploaded MIB files outside the intended product installation directory using the Upload MIB feature in the MIB Browser tool via Upload MIB API.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Kindly contact our product support team for further details, at the below mentioned email address:

 

Video Zone
OpManager Customer Videos
Michael Senatore, Operations Manager, Rojan Australia Pty Ltd.
  
  •  Venkatesan Veerappan, IT Consultant
     Mohd Jaffer Tawfiq Murtaja, Information Security officer from Al Ain sports club
  •  Jonathan ManageEngine Customer
     IT Admin from "Royal flying doctor service", Australia
  •  Michael Senatore, Operations Manager, Rojan Australia Pty Ltd.
     Michael - Network & Tech, ManageEngine Customer
  •  Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
     Donald Stewart, IT Manager from Crest Industries
  •  John Rosser, MIS Manager - Yale Chase Equipment & Services
     David Tremont, Associate Directory of Infrastructure,USA
+-
Do you want a Price Quote?
For how many devices?
Fill out the form below
Name *
Business Email *
Phone *
By clicking 'Send', you agree to processing of personal data according to the Privacy Policy.
Thank you!
Back to Top