ManageEngine ServiceDesk Plus 9.1.0 < Build 9103 Multiple Vulnerabilities

high Nessus Plugin ID 85599

Synopsis

The remote web server hosts an application that is affected by multiple vulnerabilities.

Description

The remote host is running ManageEngine ServiceDesk Plus version 9.1.0 prior to build 9103. It is, therefore, affected by multiple vulnerabilities :

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input on the 'Login' page. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input when adding new software license types or options. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- An unspecified flaw exists in the file attachment URL on the software details page.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input when sending reports by email. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input to the 'module' and 'from' parameters when completing the 'Add new task' action. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input to the 'UNIQUE_ID' parameter in the 'Solution' module. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input to the email notification window. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input to the request template, reminder, and technician calendar. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A security bypass vulnerability exists due to an unspecified flaw. An authenticated, remote attacker can exploit this to update incident details.

- A security bypass vulnerability exists due to an unspecified flaw. An authenticated, remote attacker can exploit this to access problem and change details.

- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code.

- A SQL injection vulnerability exists due to improper sanitization of user-supplied input before using it in SQL queries. A remote attacker can exploit this to inject or manipulate SQL queries, resulting in the manipulation or disclosure of arbitrary data.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ManageEngine ServiceDesk Plus version 9.1.0 build 9103 or later.

See Also

https://www.manageengine.com/products/service-desk/readme.html#readme91

Plugin Details

Severity: High

ID: 85599

File Name: manageengine_servicedesk_9_1_build9103.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 8/24/2015

Updated: 10/27/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:manageengine:servicedesk_plus

Required KB Items: installed_sw/manageengine_servicedesk

Patch Publication Date: 7/23/2015

Vulnerability Publication Date: 7/23/2015