CVE-2017-11512: Path Traversal
First published: Wed Nov 08 2017(Updated: )
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine ServiceDesk | =9.3.9328 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-11512.
What is the severity of CVE-2017-11512?
CVE-2017-11512 has a severity score of 7.5, classified as high.
What is the affected software?
The affected software is ManageEngine ServiceDesk version 9.3.9328.
How can an attacker exploit CVE-2017-11512?
An unauthenticated remote attacker can exploit CVE-2017-11512 to download arbitrary files.
Are there any known references related to CVE-2017-11512?
Yes, there are references available at http://www.securityfocus.com/bid/101789 and https://www.tenable.com/security/research/tra-2017-31.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/manageengine
- canonical/manageengine servicedesk
- version/manageengine servicedesk/9.3.9328