6.5
CVSSv2

CVE-2019-10008

Published: 24/04/2019 Updated: 25/04/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Manage Engine ServiceDesk Plus could allow a remote authenticated malicious user to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.

Vulnerability Trend

Affected Products

Vendor Product Versions
ZohocorpServicedesk Plus9.3

Exploits

#!/usr/bin/python # Exploit Title: Manage Engine ServiceDesk Plus Version 93 Privileged Account Hijacking # Date: 30-03-2019 # Exploit Author: Ata Hakçıl, Melih Kaan Yıldız # Vendor: ManageEngine # Vendor Homepage: wwwmanageenginecom # Product: Service Desk Plus # Version: 93 # Tested On: Windows 10 64 bit # CVE : 2019-10008 # How to use ...

Mailing Lists

ManageEngine ServiceDesk Plus version 93 suffers from a user enumeration vulnerability ...

Github Repositories

CVE-2019-10008 ManageEngine Service Desk Plus 93 Privilaged account Hijacking Date: 30-03-2019 Exploit Author: Ata Hakçıl, Melih Kaan Yıldız Vendor: ManageEngine Vendor Homepage: wwwmanageenginecom Product: Service Desk Plus Version: 100 Tested On: Windows 10 64 bit CVE : 2019-10008 Complete Poc will be re-released after vendor patch More Info: flameofign