We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
Reserved 2023-09-05 | Published 2023-11-03 | Updated 2024-09-05 | Assigner INCIBECWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Rafael Pedrero
www.incibe.es/...ulnerabilities-manageengine-desktop-central
Support options