ManageEngine ServiceDesk Plus MSP and SupportCenter Plus Authenticated Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Admin module of ManageEngine ServiceDesk Plus MSP and SupportCenter Plus, affecting versions prior to 14920. This vulnerability allows authenticated technicians to load help card content without proper validation, potentially leading to unauthorized access to local files on the web server.

Impact

Exploitation of this vulnerability could allow authenticated technicians to read any file from the installation folder via the web server.

Remediation

Users can upgrade to version 14920 by downloading the latest service pack for ServiceDesk Plus MSP or SupportCenter Plus and applying it to their existing installation. Instructions for applying the service pack are available on the ManageEngine website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.