CVE-2011-2756 — Improper Authentication in Servicedesk Plus

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 45.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Servicedesk Plus

Timeline

PublishedJul 17

Latest updateMay 17

Description

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmanageengine/servicedesk_plus8.0

🔴Vulnerability Details

GHSA

GHSA-qqv4-hj7r-xr74: FileDownload↗2022-05-17

▶

CVEList

CVE-2011-2756: FileDownload↗2011-07-17

▶