ManageEngine.Multiple.WsDiscoveryServlet.Directory.Traversal
Description
This indicates an attack attempt against an Path Traversal vulnerability in ManageEngine ServiceDesk Plus, AssetExplorer and IT360.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. It allows a remote attacker to execute malicious codes against affected machine via crafted requests.
Affected Products
ManageEngine AssetExplorer prior to 6.1 build 6107
ManageEngine IT360 10.4 and prior
ManageEngine ServiceDesk Plus prior to 9.0 build 9027
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor
http://www.manageengine.com/products/service-desk/readme-9.0.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |