ZOHO ManageEngine ServiceDesk Plus User Privilege Vulnerability

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL architecture based on IT service management software ITSM. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management a...

CVE-2018-7248

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it...