ManageEngine ServiceDesk Plus Multiple Vulnerabilities

medium Nessus Plugin ID 86886

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The version of ManageEngine ServiceDesk Plus running on the remote web server is affected by multiple vulnerabilities :

- A security bypass vulnerability exists due to a misconfiguration in web.xml that allows access to the URL /workorder/FileDownload.jsp without requiring authentication.

- A path traversal vulnerability exists in the servlet that processes the URL /workorder/FileDownload.jsp due to improper sanitization of input to the 'fName' parameter.

Consequently, an unauthenticated, remote attacker can exploit these issues, by using a crafted directory traversal sequence, to retrieve arbitrary files through the web server, subject to the privileges that it operates under.

Solution

Upgrade to ManageEngine ServiceDesk Plus version 9.1 build 9111 or later.

See Also

https://www.manageengine.com/products/service-desk/readme.html#readme91

http://www.nessus.org/u?c6e05052

Plugin Details

Severity: Medium

ID: 86886

File Name: manageengine_servicedesk_fName_traversal.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 11/16/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:zohocorp:servicedesk_plus

Required KB Items: installed_sw/manageengine_servicedesk

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Patch Publication Date: 9/28/2015

Vulnerability Publication Date: 9/28/2015