2 matches found
CVE-2017-11512
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
CVE-2017-11512
Affected product: ManageEngine ServiceDesk 9.3.9328. Vulnerability: Arbitrary file retrieval/download due to improper restrictions on the pathname in the name parameter of the download-snapshot path. Impact: Unauthenticated remote attacker can download arbitrary files from the server. Root cause:...