Insecure Direct Object Reference (IDOR) Vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) Allows Unauthorized Access to Attachments

Insecure Direct Object Reference (IDOR) Vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) Allows Unauthorized Access to Attachments

CVE-2019-8395 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

Learn more about our Web Application Penetration Testing UK.