CVE-2017-11561 Information

Description

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the \Group Chat\ or \Alarm\ section. This functionality can be abused by a malicious user by uploading a web shell.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

http://manageengine.com http://opmanager.com https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5