ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability
2015-01-24T00:00:00
ID 1337DAY-ID-23181 Type zdt Reporter Ahmed Siddiqui Modified 2015-01-24T00:00:00
Description
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.
Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
Product: ServiceDesk Plus (http://www.manageengine.com/)
Affected Version: 9.0 (Other versions could also be affected)
Fixed Version: 9.0 Build 9031
Vulnerability Impact: Low
Advisory ID: REWTERZ-20140103
Published Date: 22-Jan-2015
Researcher: Muhammad Ahmed Siddiqui
Email: ahmed [at] rewterz.com
URL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability
================================================================================
Product Introduction
===============
ServiceDesk Plus is a help desk software with integrated asset and
project management built on the ITIL framework. It is available in 29
different languages and is used by more than 85,000 companies, across
186 countries, to manage their IT help desk and assets.
Source: http://www.manageengine.com/products/service-desk/
Vulnerability Information
===================
Class: Improper Privilege Management
Impact: Low privileged user can access application data
Remotely Exploitable: Yes
Authentication Required: Yes
User interaction required: Yes
CVE Name: N/A
Vulnerability Description
==================
A user with limited privileges could gain access to certain
functionality that is available only to administrative users. For
example, users with Guest privileges can see the subjects of the
tickets, stats and other information related to tickets.
Proof-of-Concept
=============
http://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit
http://127.0.0.1:8080/swf/flashreport.swf
http://127.0.0.1:8080/reports/flash/details.jsp?group=Site
http://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0
Timeline
======
23-Dec-2014 – Notification to Vendor
24-Dec-2014 – Response from Vendor
30-Dec-2014 – Vulnerability fixed by Vendor
About Rewterz
===========
Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services. Our
strategy revolves around the need to provide round-the-clock quality
information security services and solutions to our customers. We
maintain this standard through our highly skilled and professional
team, and custom-designed, customer-centric services and products.
http://www.rewterz.com
Complete list of vulnerability advisories published by Rewterz:
http://www.rewterz.com/resources/security-advisories
# 0day.today [2018-03-19] #
{"hash": "b291d01d8608949e4f8a047fa960e3dd9a0b716a1f4e4aa8ffebdbca618695fd", "id": "1337DAY-ID-23181", "lastseen": "2018-03-19T13:17:32", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "18b9012fa65f441679498cb302d2f5ab", "key": "description"}, {"hash": "2e0f562d87b2171ee82f37b89e926e38", "key": "href"}, {"hash": "89104756823e2d6f589d3b27b1e5679f", "key": "modified"}, {"hash": "89104756823e2d6f589d3b27b1e5679f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ff5678cb67410d3c83525209a589ceba", "key": "reporter"}, {"hash": "3f9e69bf076023e52af50198b8c43fdb", "key": "sourceData"}, {"hash": "bc18b535577ecab267fdab5243755b2a", "key": "sourceHref"}, {"hash": "fa54e49fbbd495fc7933f7e33a4a67a4", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 7.2}, "type": "zdt", "sourceHref": "https://0day.today/exploit/23181", "description": "ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.", "title": "ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability", "history": [{"bulletin": {"hash": "fa9fc5cebc0b9ad966d3c878e84c0619bfa1c006261db53145ee815f219d0ae2", "id": "1337DAY-ID-23181", "lastseen": "2016-04-20T01:30:28", "enchantments": {"score": null}, "hashmap": [{"hash": "6ace578c15c661c664b10b16db775ca4", "key": "sourceData"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "fa54e49fbbd495fc7933f7e33a4a67a4", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ff5678cb67410d3c83525209a589ceba", "key": "reporter"}, {"hash": "89104756823e2d6f589d3b27b1e5679f", "key": "modified"}, {"hash": "18b9012fa65f441679498cb302d2f5ab", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "9dad31aad121c31c495fc1c75fb3a13e", "key": "sourceHref"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "7bc7e1a158148bc0c425dd5081b40980", "key": "href"}, {"hash": "89104756823e2d6f589d3b27b1e5679f", "key": "published"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/23181", "description": "ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.", "viewCount": 0, "title": "ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability\r\nProduct: ServiceDesk Plus (http://www.manageengine.com/)\r\nAffected Version: 9.0 (Other versions could also be affected)\r\nFixed Version: 9.0 Build 9031\r\nVulnerability Impact: Low\r\nAdvisory ID: REWTERZ-20140103\r\nPublished Date: 22-Jan-2015\r\nResearcher: Muhammad Ahmed Siddiqui\r\nEmail: ahmed [at] rewterz.com\r\nURL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability\r\n\r\n================================================================================\r\n\r\n\r\nProduct Introduction\r\n===============\r\n\r\nServiceDesk Plus is a help desk software with integrated asset and\r\nproject management built on the ITIL framework. It is available in 29\r\ndifferent languages and is used by more than 85,000 companies, across\r\n186 countries, to manage their IT help desk and assets.\r\n\r\n\r\nSource: http://www.manageengine.com/products/service-desk/\r\n\r\n\r\nVulnerability Information\r\n===================\r\n\r\nClass: Improper Privilege Management\r\nImpact: Low privileged user can access application data\r\nRemotely Exploitable: Yes\r\nAuthentication Required: Yes\r\nUser interaction required: Yes\r\nCVE Name: N/A\r\n\r\n\r\nVulnerability Description\r\n==================\r\n\r\nA user with limited privileges could gain access to certain\r\nfunctionality that is available only to administrative users. For\r\nexample, users with Guest privileges can see the subjects of the\r\ntickets, stats and other information related to tickets.\r\n\r\n\r\nProof-of-Concept\r\n=============\r\n\r\nhttp://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit\r\n\r\nhttp://127.0.0.1:8080/swf/flashreport.swf\r\n\r\nhttp://127.0.0.1:8080/reports/flash/details.jsp?group=Site\r\n\r\nhttp://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0\r\n\r\n\r\n\r\nTimeline\r\n======\r\n\r\n23-Dec-2014 \u2013 Notification to Vendor\r\n24-Dec-2014 \u2013 Response from Vendor\r\n30-Dec-2014 \u2013 Vulnerability fixed by Vendor\r\n\r\n\r\nAbout Rewterz\r\n===========\r\n\r\nRewterz is a boutique Information Security company, committed to\r\nconsistently providing world class professional security services. Our\r\nstrategy revolves around the need to provide round-the-clock quality\r\ninformation security services and solutions to our customers. We\r\nmaintain this standard through our highly skilled and professional\r\nteam, and custom-designed, customer-centric services and products.\r\n\r\nhttp://www.rewterz.com\r\n\r\n\r\nComplete list of vulnerability advisories published by Rewterz:\r\n\r\nhttp://www.rewterz.com/resources/security-advisories\n\n# 0day.today [2016-04-20] #", "published": "2015-01-24T00:00:00", "references": [], "reporter": "Ahmed Siddiqui", "modified": "2015-01-24T00:00:00", "href": "http://0day.today/exploit/description/23181"}, "lastseen": "2016-04-20T01:30:28", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability\r\nProduct: ServiceDesk Plus (http://www.manageengine.com/)\r\nAffected Version: 9.0 (Other versions could also be affected)\r\nFixed Version: 9.0 Build 9031\r\nVulnerability Impact: Low\r\nAdvisory ID: REWTERZ-20140103\r\nPublished Date: 22-Jan-2015\r\nResearcher: Muhammad Ahmed Siddiqui\r\nEmail: ahmed [at] rewterz.com\r\nURL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability\r\n\r\n================================================================================\r\n\r\n\r\nProduct Introduction\r\n===============\r\n\r\nServiceDesk Plus is a help desk software with integrated asset and\r\nproject management built on the ITIL framework. It is available in 29\r\ndifferent languages and is used by more than 85,000 companies, across\r\n186 countries, to manage their IT help desk and assets.\r\n\r\n\r\nSource: http://www.manageengine.com/products/service-desk/\r\n\r\n\r\nVulnerability Information\r\n===================\r\n\r\nClass: Improper Privilege Management\r\nImpact: Low privileged user can access application data\r\nRemotely Exploitable: Yes\r\nAuthentication Required: Yes\r\nUser interaction required: Yes\r\nCVE Name: N/A\r\n\r\n\r\nVulnerability Description\r\n==================\r\n\r\nA user with limited privileges could gain access to certain\r\nfunctionality that is available only to administrative users. For\r\nexample, users with Guest privileges can see the subjects of the\r\ntickets, stats and other information related to tickets.\r\n\r\n\r\nProof-of-Concept\r\n=============\r\n\r\nhttp://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit\r\n\r\nhttp://127.0.0.1:8080/swf/flashreport.swf\r\n\r\nhttp://127.0.0.1:8080/reports/flash/details.jsp?group=Site\r\n\r\nhttp://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0\r\n\r\n\r\n\r\nTimeline\r\n======\r\n\r\n23-Dec-2014 \u2013 Notification to Vendor\r\n24-Dec-2014 \u2013 Response from Vendor\r\n30-Dec-2014 \u2013 Vulnerability fixed by Vendor\r\n\r\n\r\nAbout Rewterz\r\n===========\r\n\r\nRewterz is a boutique Information Security company, committed to\r\nconsistently providing world class professional security services. Our\r\nstrategy revolves around the need to provide round-the-clock quality\r\ninformation security services and solutions to our customers. We\r\nmaintain this standard through our highly skilled and professional\r\nteam, and custom-designed, customer-centric services and products.\r\n\r\nhttp://www.rewterz.com\r\n\r\n\r\nComplete list of vulnerability advisories published by Rewterz:\r\n\r\nhttp://www.rewterz.com/resources/security-advisories\n\n# 0day.today [2018-03-19] #", "published": "2015-01-24T00:00:00", "references": [], "reporter": "Ahmed Siddiqui", "modified": "2015-01-24T00:00:00", "href": "https://0day.today/exploit/description/23181"}
