Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2015-1480
Last Modified 04 Feb 2015 02:43:08
Published 04 Feb 2015 11:59:09
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-1480

Summary

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.

Vulnerable Systems

Application

  • ManageEngine ServiceDesk Plus 9.0


References

BID - 72302

BUGTRAQ - 20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

MISC - http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability

MISC - http://www.manageengine.com/products/service-desk/readme-9.0.html

EXPLOIT-DB - 35904

MISC - http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html

OSVDB - 117499


Last Updated: 27 May 2016 11:07:42