QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1480

Published: Feb 4, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability

x_refsource_MISC

http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html

x_refsource_MISC

http://www.manageengine.com/products/service-desk/readme-9.0.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.