PT-2019-8649 · Manageengine · Manageengine Servicedesk Plus

Filipe Reis +1 · Published 2019-03-25 · Updated 2019-04-02 · CVE-2017-9376

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ManageEngine ServiceDesk Plus versions prior to 9314

Description

The issue is related to a local file inclusion vulnerability. This vulnerability is located in the defModule parameter within the DefaultConfigDef.do and AssetDefaultConfigDef.do files.

Recommendations

For versions prior to 9314, update to version 9314 or later to resolve the issue. As a temporary workaround, consider restricting access to the defModule parameter in the affected files until a patch is applied.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-9376

Affected Products

Manageengine Servicedesk Plus