Severity: High
CVE ID: CVE-2023-47211
Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
OpManager OpManager Plus OpManager MSP NetFlow Analyzer OpUtils |
|||
From version 127249 to 127259 | 127260 & above | 11-12-2023 | |
From version 127244 to 127247 | 127248 | 04-01-2024 | |
Below version 127192 | 127193 to 127243 | 04-01-2024 |
Details:
Previously, path traversal vulnerability was detected for MIB browser.
This issue has now been fixed by implementing path sanitization, ensuring a new MIB is stored exclusively under the "OpManager/mibs" directory.
Impact:
The identified vulnerability enables authenticated users who have access to MIB Browser functionality to manipulate the file path or location of the uploaded MIB files outside the intended product installation directory using the Upload MIB feature in the MIB Browser tool via Upload MIB API.
Steps to upgrade:
Kindly contact our product support team for further details, at the below mentioned email address: