ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability



ManageEngine ServiceDesk is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
ManageEngine ServiceDesk 9.3.9328 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101788
Class: Input Validation Error
CVE: CVE-2017-11511

Remote: Yes
Local: No
Published: Nov 08 2017 12:00AM
Updated: Nov 08 2017 12:00AM
Credit: Jacob Baines, Tenable Network Security
Vulnerable: ManageEngine ServiceDesk 9.3.9328


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

