Security Advisory

CVE-2017-16924

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-02-19 04:00:00

Last updated 2024-08-05 20:35:21

Assigner mitre

State PUBLISHED

Description

Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.

← Browse all CVEs View on cve.org ↗