exploitDog

CVE-2017-11561

Опубликовано: 23 мая 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

Ссылки

http://manageengine.com
Vendor Advisory
http://opmanager.com
Product
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736
Exploit
Third Party Advisory
http://manageengine.com
Vendor Advisory
http://opmanager.com
Product
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00816

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-3vch-5776-vg3j

CVSS3: 6.5

github

больше 3 лет назад

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.

EPSS

Процентиль: 74%

0.00816

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-434