CVE-2019-8395 : What You Need to Know

Learn about CVE-2019-8395, an Insecure Direct Object Reference (IDOR) vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) before version 10.0 build 10007, allowing unauthorized access to attachments in service requests. Find mitigation steps and prevention measures here.

Zoho ManageEngine ServiceDesk Plus (SDP) before version 10.0 build 10007 has an Insecure Direct Object Reference (IDOR) vulnerability related to attachments in requests.

Understanding CVE-2019-8395

This CVE involves a security flaw in Zoho ManageEngine ServiceDesk Plus (SDP) that could be exploited through request attachments.

What is CVE-2019-8395?

An Insecure Direct Object Reference (IDOR) vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) before version 10.0 build 10007 allows unauthorized access to attachments in requests.

The Impact of CVE-2019-8395

This vulnerability could lead to unauthorized users accessing sensitive information attached to service requests in Zoho ManageEngine ServiceDesk Plus (SDP).

Technical Details of CVE-2019-8395

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) before version 10.0 build 10007 allows for Insecure Direct Object Reference (IDOR) attacks through request attachments.

Affected Systems and Versions

        Product: Zoho ManageEngine ServiceDesk Plus (SDP)
        Versions affected: Before 10.0 build 10007

Exploitation Mechanism

The vulnerability can be exploited by unauthorized users to gain access to attachments in service requests within Zoho ManageEngine ServiceDesk Plus (SDP).

Mitigation and Prevention

To address CVE-2019-8395, follow these mitigation steps:

Immediate Steps to Take

        Upgrade Zoho ManageEngine ServiceDesk Plus (SDP) to version 10.0 build 10007 or later.
        Regularly monitor and review access to attachments in service requests.
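
The access review in the second step can be automated by comparing each attachment download against the users who are party to the request it belongs to. The following Python is an added example, not code from Zoho or from this advisory; the log layout, field names, sample records and escalation threshold are constructed assumptions, not ServiceDesk Plus's real log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. Field names and layout are assumptions,
# not ServiceDesk Plus's real log or database format.
REQUEST_PARTIES = {            # request_id -> users allowed to see its attachments
    "101": {"alice", "tech1"},
    "102": {"bob", "tech1"},
    "103": {"carol", "tech2"},
}
ACCESS_LOG = """\
time,user,request_id,attachment_id
2019-03-01T09:00:00,alice,101,5001
2019-03-01T09:05:00,tech1,102,5002
2019-03-01T09:10:00,alice,102,5002
2019-03-01T09:10:05,alice,103,5003
2019-03-01T09:12:00,bob,102,5002
2019-03-01T09:15:00,alice,999,5004
"""

def review_attachment_access(log_text, parties):
    """Return (violations, per-user counts) for downloads by non-parties."""
    violations = []
    counts = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        allowed = parties.get(row["request_id"])
        # Fail closed: a request ID with no known parties is also a violation.
        if allowed is None or row["user"] not in allowed:
            violations.append(row)
            counts[row["user"]] += 1
    return violations, dict(counts)

def users_to_escalate(counts, threshold=2):
    """Users with repeated out-of-scope downloads, worth a manual review."""
    return sorted(user for user, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    violations, counts = review_attachment_access(ACCESS_LOG, REQUEST_PARTIES)
    for v in violations:
        print(f"{v['time']} {v['user']} -> request {v['request_id']} "
              f"attachment {v['attachment_id']}")
    print("escalate:", users_to_escalate(counts))
```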

Long-Term Security Practices

        Implement access controls to restrict unauthorized access to sensitive information.
        Conduct regular security assessments and audits to identify and address vulnerabilities.

Patching and Updates

        Stay informed about security updates and patches released by Zoho ManageEngine for ServiceDesk Plus (SDP) to address vulnerabilities like CVE-2019-8395.
