|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-03-06 | |
| Rule Name: | Manageengine Servicedesk Plus User Security Policy Bypass Vulnerability -2 (CVE-2015-1480) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows | |
| Reference: | ExploitDB:35904 SecurityFocusBID:72302 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.manageengine.com/products/service-desk/readme-9.0.html |