Vulnerability CVE-2023-4768


Published: 2023-11-03

Description:
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.

Type:

CWE-93

(Improper Neutralization of CRLF Sequences ('CRLF Injection'))

 References:
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

Copyright 2024, cxsecurity.com

 

Back to Top