Zoho Manageengine Servicedesk vulnerabilities
2 known vulnerabilities affecting zoho/manageengine_servicedesk.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
2
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2017-11512P1HIGHCVSS 7.5ExploitedPoCv9.3.93282017-11-08
CVE-2017-11512 [HIGH] CWE-22 CVE-2017-11512: The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper rest
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
nvd
CVE-2017-11511P2HIGHCVSS 7.5Exploitedv9.3.93282017-11-08
CVE-2017-11511 [HIGH] CWE-22 CVE-2017-11511: The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper rest
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
nvd