Information disclosure in Manageengine Servicedesk_plus

CVE-2015-1480

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (…

Vulnerability class: Information Disclosure

EPSS: 0.182 (95.3th percentile) — read the EPSS interpretation.

Affected products

Manageengine Servicedesk_plus
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

117499 (x_refsource_OSVDB, vdb-entry)
35904 (Exploit, exploit, x_refsource_EXPLOIT-DB)
72302 (vdb-entry, x_refsource_BID)
20150122 Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)