Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-19T04:00:00
Updated: 2024-08-05T20:35:21.338Z
Reserved: 2017-11-21T00:00:00
Link: CVE-2017-16924
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-19T04:29:00.233
Modified: 2024-11-21T03:17:15.060
Link: CVE-2017-16924
Redhat
No data.