|Date: (C)2017-11-10 (M)2017-11-10|
|CVSS Score: 6.5||Access Vector: |
|Exploitability Subscore: ||Access Complexity: |
|Impact Subscore: ||Authentication: |
| ||Confidentiality: |
| ||Integrity: |
| ||Availability: |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.