2 matches found
ManageEngine ServiceDesk Plus User Privileges Bypass (CVE-2015-1480)
A policy bypass vulnerability exists in ManageEngine ServiceDesk Plus. The vulnerability is due to a design weakness when handling certain URLs which require administrative access. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to the target...
CVE-2015-1480
CVE-2015-1480 : ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 is vulnerable to information disclosure. Remote authenticated users can obtain sensitive ticket data via (1) getTicketData action to servlet/AJaxServlet or (2) direct requests to swf/flashreport.swf, (3) reports/flash/det...