CVE-2017-11512

Summary

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.

Affected Software

VendorProductVersion RangeStatus
ZohoManageEngine ServiceDesk9.3.9328affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory

ADP Enrichment

CVE Program Container

Additional References

References