ManageEngine.Multiple.File.Attachment.Directory.Traversal
Description
This indicates an attack attempt against an Path Traversal vulnerability in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and
IT360.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. It allows a remote attacker to execute malicious code against affected machine via crafted requests.
Affected Products
ManageEngine AssetExplorer 6.1 and prior
ManageEngine IT360 10.4 and prior
ManageEngine ServiceDesk Plus prior to 9.0 build 9031
ManageEngine SupportCenter 7.9 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor
http://www.manageengine.com/products/service-desk/readme-9.0.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-07 | 14.628 | Severity:medium:high |