Signature Detail

HTTP: ManageEngine ServiceDesk Plus User Privileges Bypass

This signature detects attempts to exploit a known vulnerability against ManageEngine ServiceDesk Plus. Successful exploitation could lead to unauthorized access.

Extended Description

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.

Affected Products

• Manageengine servicedesk_plus 9.0

References

• BugTraq: 72302
• CVE: CVE-2015-1480