CVE-2017-11561

EUVD-2017-3176
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_opmanager
12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://manageengine.com
http://opmanager.com
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736
http://manageengine.com
http://opmanager.com
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736