Summary
ManageEngine ServiceDesk Plus is prone to a directory-traversal vulnerability because the application fails to properly sanitize user- supplied input.
An attacker can exploit this vulnerability to obtain arbitrary local files in the context of the webserver process.
ManageEngine ServiceDesk Plus 8.0 is vulnerable
other versions may
also be affected.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-2757 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability