The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2017-11-08T22:00:00Z
Updated: 2024-09-16T17:02:50.915Z
Reserved: 2017-07-21T00:00:00
Link: CVE-2017-11512
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-11-08T22:29:00.403
Modified: 2024-11-21T03:07:55.220
Link: CVE-2017-11512
Redhat
No data.