Vulnerabilities

CVE-2017-11512

by Fred · 08/11/2017

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.

Date published : 2017-11-08

http://www.securityfocus.com/bid/101789

https://www.tenable.com/security/research/tra-2017-31

Similar

Tags: Cybersecurity Alert