Описание
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
Ссылки
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 9.0 (включая)
cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.1823
Средний
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.
EPSS
Процентиль: 95%
0.1823
Средний
4 Medium
CVSS2
Дефекты
CWE-200