Vulnerability Details CVE-2017-11561
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-11561
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2