virus logo Intrusion Prevention

ManageEngine.ServiceDesk.FileDownload.Directory.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal vulnerability in ManageEngine ServiceDesk.
The vulnerability is caused by an improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to execute arbitrary file download on the affected machine via a crafted request.

affected-products-logoAffected Products

ManageEngine ServiceDesk Plus 9.1 build 9110 and prior

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

recomended-action-logoRecommended Actions

Apply the latest update from the vendor.
https://www.manageengine.com/products/service-desk/readme-9.1.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://www.manageengine.com/products/service-desk/readme-9.1.html
ID 41860
Created Dec 28, 2015
Updated Dec 27, 2017
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows
Affected App Other