Path traversal vulnerability - CVE-2023-47211

Severity: High

CVE ID: CVE-2023-47211

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
NetFlow Analyzer
OpUtils
From version 127249 to 127259 127260 & above 11-12-2023
From version 127244 to 127247 127248 04-01-2024
Below version 127192 127193 to 127243 04-01-2024

Details:

Previously, path traversal vulnerability was detected for MIB browser.

This issue has now been fixed by implementing path sanitization, ensuring a new MIB is stored exclusively under the "OpManager/mibs" directory.

Impact:

The identified vulnerability enables authenticated users who have access to MIB Browser functionality to manipulate the file path or location of the uploaded MIB files outside the intended product installation directory using the Upload MIB feature in the MIB Browser tool via Upload MIB API.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Kindly contact our product support team for further details, at the below mentioned email address:

 

 
 Pricing  Get Quote