CVE-2017-16924 – Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central …

0

Vuln ID: CVE-2017-16924

Published: 2018-02-19  04:29:00Z

Description: Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.

Source: NVD.NIST.GOV