Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. |