Authentication Bypass in ManageEngine ServiceDesk Plus by Zoho Corporation
CVE-2011-2756

Currently unrated

Key Information:

Vendor: Manageengine
Status: Servicedesk Plus
Vendor: CVE Published:; 17 July 2011

Summary

The ManageEngine ServiceDesk Plus software contains a vulnerability in the FileDownload.jsp component where authentication is not required. This issue enables remote attackers to gain unauthorized access and read files from a specified directory. The vulnerability exists in version 8.0 prior to Build 8012 and can be exploited through various unspecified vectors, posing a threat to sensitive information stored within the application.

References

http://www.kb.cert.org/vuls/id/543310

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 17, 2011