ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability

{"type": "zdt", "lastseen": "2016-04-20T01:30:28", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability", "published": "2015-01-24T00:00:00", "href": "http://0day.today/exploit/description/23181", "cvss": {"vector": "NONE", "score": 0}, "description": "ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.", "hash": "0fa9fcbaa1a6f9a33a7ae4a694d0323f42177300cc97d36496b5c3459e157bc3", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability\r\nProduct: ServiceDesk Plus (http://www.manageengine.com/)\r\nAffected Version: 9.0 (Other versions could also be affected)\r\nFixed Version: 9.0 Build 9031\r\nVulnerability Impact: Low\r\nAdvisory ID: REWTERZ-20140103\r\nPublished Date: 22-Jan-2015\r\nResearcher: Muhammad Ahmed Siddiqui\r\nEmail: ahmed [at] rewterz.com\r\nURL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability\r\n\r\n================================================================================\r\n\r\n\r\nProduct Introduction\r\n===============\r\n\r\nServiceDesk Plus is a help desk software with integrated asset and\r\nproject management built on the ITIL framework. It is available in 29\r\ndifferent languages and is used by more than 85,000 companies, across\r\n186 countries, to manage their IT help desk and assets.\r\n\r\n\r\nSource: http://www.manageengine.com/products/service-desk/\r\n\r\n\r\nVulnerability Information\r\n===================\r\n\r\nClass: Improper Privilege Management\r\nImpact: Low privileged user can access application data\r\nRemotely Exploitable: Yes\r\nAuthentication Required: Yes\r\nUser interaction required: Yes\r\nCVE Name: N/A\r\n\r\n\r\nVulnerability Description\r\n==================\r\n\r\nA user with limited privileges could gain access to certain\r\nfunctionality that is available only to administrative users. For\r\nexample, users with Guest privileges can see the subjects of the\r\ntickets, stats and other information related to tickets.\r\n\r\n\r\nProof-of-Concept\r\n=============\r\n\r\nhttp://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit\r\n\r\nhttp://127.0.0.1:8080/swf/flashreport.swf\r\n\r\nhttp://127.0.0.1:8080/reports/flash/details.jsp?group=Site\r\n\r\nhttp://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0\r\n\r\n\r\n\r\nTimeline\r\n======\r\n\r\n23-Dec-2014 \u2013 Notification to Vendor\r\n24-Dec-2014 \u2013 Response from Vendor\r\n30-Dec-2014 \u2013 Vulnerability fixed by Vendor\r\n\r\n\r\nAbout Rewterz\r\n===========\r\n\r\nRewterz is a boutique Information Security company, committed to\r\nconsistently providing world class professional security services. Our\r\nstrategy revolves around the need to provide round-the-clock quality\r\ninformation security services and solutions to our customers. We\r\nmaintain this standard through our highly skilled and professional\r\nteam, and custom-designed, customer-centric services and products.\r\n\r\nhttp://www.rewterz.com\r\n\r\n\r\nComplete list of vulnerability advisories published by Rewterz:\r\n\r\nhttp://www.rewterz.com/resources/security-advisories\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-23181", "sourceHref": "http://0day.today/exploit/23181", "modified": "2015-01-24T00:00:00", "reporter": "Ahmed Siddiqui", "enchantments": {"vulnersScore": 8.2}}