Test ID:	1.3.6.1.4.1.25623.1.0.805807
Category:	Web application abuses
Title:	ManageEngine SupportCenter Plus Multiple Vulnerabilities (Jun 2015)
Summary:	ManageEngine SupportCenter Plus is prone to multiple; vulnerabilities.
Description:	Summary: ManageEngine SupportCenter Plus is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Missing user access control mechanisms - 'module' parameter to /workorder/Attachment.jsp?component=Request is not properly sanitized to check '../' characters - 'query' and 'compAcct' parameters are not properly sanitized before passing to /jsp/ResetADPwd.jsp and jsp/CacheScreenWidth.jsp scripts Vulnerability Impact: Successful exploitation will allow remote attackers to inject HTML or script code, upload arbitrary files and bypass access restrictions. Affected Software/OS: ManageEngine SupportCenter Plus build 7900 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5149 BugTraq ID: 75512 http://www.securityfocus.com/bid/75512 https://www.exploit-db.com/exploits/37322/ http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html http://www.vulnerability-lab.com/get_content.php?id=1501 Common Vulnerability Exposure (CVE) ID: CVE-2015-5150
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.