ManageEngine.ServiceDesk.File.Upload.Directory.Traversal
Description
This indicates an attack attempt against a Security Policy Bypass vulnerability in ManageEngine ServiceDesk.
The vulnerability is due to improper validation when a user is trying to access a specific resource. A remote attacker can exploit this to upload a malicious file on the affected machine and execute it under context of the current user, via a crafted request.
Affected Products
ManageEngine ServiceDesk Plus prior to 9.0 9103 build
Impact
System Compromise: Remote attackers can execute arbitrary code in the context of the affected user
Recommended Actions
Apply the latest update from the vendor
https://www.manageengine.com/products/service-desk/service-packs.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |