Skip to main content

Servicedesk

2 CVEs product

Monthly

CVE-2017-11512 HIGH POC THREAT Act Now

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

Path Traversal Zoho Servicedesk
NVD
CVSS 3.0
7.5
EPSS
82.9%
Threat
5.5
CVE-2017-11511 HIGH This Week

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Servicedesk
NVD
CVSS 3.0
7.5
EPSS
4.1%
EPSS 83% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

Path Traversal Zoho Servicedesk
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Servicedesk
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy