High severity7.5NVD Advisory· Published Nov 8, 2017· Updated Jun 17, 2026
CVE-2017-11512
CVE-2017-11512
Description
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:manageengine:servicedesk:9.3.9328:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:manageengine:servicedesk:9.3.9328:*:*:*:*:*:*:*
- (no CPE)range: 9.3.9328
- Range: 9.3.9328
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/101789nvdThird Party AdvisoryVDB Entry
- www.tenable.com/security/research/tra-2017-31nvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.