ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.Referenceshttps://labs.integrity.pt/advisories/cve-2017-9362
