Intrusion Prevention



This indicates an attack attempt against a Security Policy Bypass vulnerability in ManageEngine ServiceDesk.
The vulnerability is due to improper validation when a user is trying to access a specific resource. A remote attacker can exploit this to upload a malicious file on the affected machine and execute it under context of the current user, via a crafted request.

Affected Products

ManageEngine ServiceDesk Plus prior to 9.0 9103 build


System Compromise: Remote attackers can execute arbitrary code in the context of the affected user

Recommended Actions

Apply the latest update from the vendor

Other References