Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-19T04:00:00

Updated: 2024-08-05T20:35:21.338Z

Reserved: 2017-11-21T00:00:00

Link: CVE-2017-16924

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-19T04:29:00.233

Modified: 2024-11-21T03:17:15.060

Link: CVE-2017-16924

cve-icon Redhat

No data.