ManageEngine ServiceDesk CVE-2017-11512 Arbitrary File Download Vulnerability

ManageEngine ServiceDesk is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
ManageEngine ServiceDesk 9.3.9328 is vulnerable; other versions may also be affected.


Bugtraq ID: 101789
Class: Input Validation Error
CVE: CVE-2017-11512

Remote: Yes
Local: No
Published: Nov 08 2017 12:00AM
Updated: Nov 13 2017 09:06PM
Credit: Jacob Baines, Tenable Network Security
Vulnerable: ManageEngine ServiceDesk 9.3.9328

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
