RSS   Vulnerabilities for 'Servicedesk'   RSS

2017-11-08
 
CVE-2017-11512

CWE-22
 

 
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.

 
 
CVE-2017-11511

CWE-200
 

 
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.

 

 >>> Vendor: Manageengine 20 Products
Firewall analyzer
Passwordmanager pro
Opmanager
Opmanager msp
Eventlog analyzer
Applications manager
Servicedesk plus
Supportcenter plus
Oputils
Netflow analyzer
Password manager pro
Password manager pro6.1
Adaudit plus
Admanager plus
Assetexplorer
Device expert
Desktop central
It360
Supportcenter
Servicedesk


Copyright 2024, cxsecurity.com

 

Back to Top