[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1480Date: (C)2015-02-04   (M)2023-12-22


ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
OSVDB-117499
http://www.securityfocus.com/archive/1/534538/100/0/threaded
EXPLOIT-DB-35904
BID-72302
http://packetstormsecurity.com/files/130081/ManageEngine-ServiceDesk-Plus-9.0-Privilege-Escalation.html
http://www.manageengine.com/products/service-desk/readme-9.0.html
http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability

CWE    1
CWE-200

© SecPod Technologies