CVE-2017-11511
HIGH EXPLOITED
ManageEngine ServiceDesk <9.3.9328 - Path Traversal
Title source: llm
Exploitation Summary
CVE-2017-11511 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
References (2)
Core References
https://www.tenable.com/security/research/tra-2017-31 (Issue Tracking, Third Party Advisory; x_refsource_misc)
http://www.securityfocus.com/bid/101788 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
Scores
CVSS v3: 7.5
EPSS: 0.0354
EPSS Percentile: 87.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2024-09-19
CWE: CWE-200, CWE-22
Status: published
Products (2)
manageengine/servicedesk 9.3.9328
Zoho/ManageEngine ServiceDesk 9.3.9328
Published: Nov 08, 2017
Tracked Since: Feb 18, 2026