← back
CVE-2017-11511

CVE-2017-11511

EPSS 3.5%CWE-22
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Nov 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
Affected products
Zoho · ManageEngine ServiceDesk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.tenable.com/security/research/tra-2017-31http://www.securityfocus.com/bid/101788