ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file download because the pathname supplied in the name parameter of the download-snapshot URL is not properly restricted. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
[
  {
    "product": "ManageEngine ServiceDesk",
    "vendor": "Zoho",
    "versions": [
      {
        "status": "affected",
        "version": "9.3.9328"
      }
    ]
  }
]