Summary
This host is installed with ZOHO ManageEngine
ServiceDesk Plus (SDP) and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote
authenticated attackers to gain access to ticket information and inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to version 9.0 build 9031 or later,
For updates refer http://www.manageengine.com/products/service-desk
Insight
Flaws are due to the CreateReportTable.jsp
script not properly sanitizing user-supplied input to the 'site' parameter and not properly restricting access to (1) getTicketData action to servlet /AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports /flash/details.jsp, or (4) reports/CreateReportTable.jsp.
Affected
ZOHO ManageEngine ServiceDesk Plus (SDP)
version before 9.0 build 9031
Detection
Get the installed version with
the help of detect NVT and check the version is vulnerable or not.
References
- http://osvdb.org/117499
- http://osvdb.org/117500
- http://packetstormsecurity.com/files/130079
- http://www.exploit-db.com/exploits/35890
- http://www.manageengine.com/products/service-desk/readme-9.0.html
- http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-sql-injection-vulnerability
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2015-1479, CVE-2015-1480 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- /cgi-bin directory browsable ?