PT-2019-8649 · Manageengine · Manageengine Servicedesk Plus

Filipe Reis

Publicado

2019-03-25

Atualizado

2019-04-02

CVE-2017-9376

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ManageEngine ServiceDesk Plus versions prior to 9314

Description The issue is related to a local file inclusion vulnerability. This vulnerability is located in the defModule parameter within the DefaultConfigDef.do and AssetDefaultConfigDef.do files.

Recommendations For versions prior to 9314, update to version 9314 or later to resolve the issue. As a temporary workaround, consider restricting access to the defModule parameter in the affected files until a patch is applied.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-9376

Produtos afetados

Manageengine Servicedesk Plus

PT-2019-8649 · Manageengine · Manageengine Servicedesk Plus

CVE-2017-9376

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4