Auth bypass in Manageengine Servicedesk_plus

CVE-2011-2756

FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors.

Vulnerability class: Broken Authentication

EPSS: 0.003 (54.9th percentile) — read the EPSS interpretation.

Affected products

Manageengine Servicedesk_plus — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

VU#543310 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)