An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
References
Link | Resource |
---|---|
http://manageengine.com | Vendor Advisory |
http://opmanager.com | Product |
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-23T15:32:59
Updated: 2019-05-23T15:32:59
Reserved: 2017-07-22T00:00:00
Link: CVE-2017-11561
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-23T16:29:08.073
Modified: 2019-05-24T13:30:10.907
Link: CVE-2017-11561
JSON object: View
Redhat Information
No data.
CWE