Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1480Sensitive Information Exposure in Servicedesk Plus

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
18.2%
top 4.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Manageengine Servicedesk Plus
Timeline
PublishedFeb 4
Latest updateMay 14

Description

ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w3v7-w92j-r88x: ZOHO ManageEngine ServiceDesk Plus (SDP) before 92022-05-14
CVEList
CVE-2015-1480: ZOHO ManageEngine ServiceDesk Plus (SDP) before 92015-02-04

💥Exploits & PoCs

1
Exploit-DB
ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management2015-01-26
CVE-2015-1480 — Sensitive Information Exposure | cvebase