CVE-2011-2757

2011-07-1720:55:01

CWE-22

mitre

web.nvd.nist.gov

cve-2011-2757

directory traversal

filedownload.jsp

manageengine servicedesk plus

remote attackers

arbitrary files

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a … (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.

Affected configurations

Nvd

Node

manageengineservicedesk_plusRange≤8.0.0.12

manageengineservicedesk_plusMatch7.0.0

manageengineservicedesk_plusMatch7.6

manageengineservicedesk_plusMatch8.0

VendorProductVersionCPE
manageengineservicedesk_plus*cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*
manageengineservicedesk_plus7.0.0cpe:2.3:a:manageengine:servicedesk_plus:7.0.0:*:*:*:*:*:*:*
manageengineservicedesk_plus7.6cpe:2.3:a:manageengine:servicedesk_plus:7.6:*:*:*:*:*:*:*
manageengineservicedesk_plus8.0cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
manageengine	servicedesk_plus	*	cpe:2.3:a:manageengine:servicedesk_plus::::::::
manageengine	servicedesk_plus	7.0.0	cpe:2.3:a:manageengine:servicedesk_plus:7.0.0:::::::*
manageengine	servicedesk_plus	7.6	cpe:2.3:a:manageengine:servicedesk_plus:7.6:::::::*
manageengine	servicedesk_plus	8.0	cpe:2.3:a:manageengine:servicedesk_plus:8.0:::::::*