Path Traversal in Manageengine Servicedesk_plus

CVE-2011-2755

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.029 (86.5th percentile) — read the EPSS interpretation.

Affected products

Manageengine Servicedesk_plus — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

VU#543310 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)