CVE-2017-11511

2017-11-08T17:29:00
ID CVE-2017-11511
Type cve
Reporter NVD
Modified 2017-11-29T10:09:49

Description

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.