ManageEngine ServiceDesk CVE-2017-11512 Arbitrary File Download Vulnerability



ManageEngine ServiceDesk is prone to an arbitrary file download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.

ManageEngine ServiceDesk 9.3.9328 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101789
Class: Input Validation Error
CVE: CVE-2017-11512

Remote: Yes
Local: No
Published: Nov 08 2017 12:00AM
Updated: Nov 13 2017 09:06PM
Credit: Jacob Baines, Tenable Network Security
Vulnerable: ManageEngine ServiceDesk 9.3.9328


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

