Intrusion Prevention

ManageEngine.Multiple.File.Attachment.Directory.Traversal

Description

This indicates an attack attempt against an Path Traversal vulnerability in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and
IT360.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. It allows a remote attacker to execute malicious code against affected machine via crafted requests.

Affected Products

ManageEngine AssetExplorer 6.1 and prior
ManageEngine IT360 10.4 and prior
ManageEngine ServiceDesk Plus prior to 9.0 build 9031
ManageEngine SupportCenter 7.9 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor
http://www.manageengine.com/products/service-desk/readme-9.0.html

CVE References

CVE-2014-5301