2 matches found
CVE-2017-11512
Affected product: ManageEngine ServiceDesk 9.3.9328. Vulnerability: Arbitrary file retrieval/download due to improper restrictions on the pathname in the name parameter of the download-snapshot path. Impact: Unauthenticated remote attacker can download arbitrary files from the server. Root cause:...
CVE-2017-11511
CVE-2017-11511 affects ManageEngine ServiceDesk 9.3.9328. The vulnerability arises from improper restrictions of the pathname in the filepath parameter of the download-file URL, enabling an unauthenticated attacker to download arbitrary files. Affected component: the DownloadFileServlet handling ...