OpManager - Security advisory regarding CVE-2020-11946
This is an announcement regarding a security advisory addressing an unauthenticated servlet call vulnerability fixed in the latest version of OpManager v12.4.196. PLEASE READ THROUGH THIS POST COMPLETELY to check whether your installation has been affected or not, and if affected, learn how you can resolve it. Issue and description: Unauthenticated API key disclosure - There was an unauthenticated access method to obtain the API key that was discovered in the product. This could be exploited
[Free webinar] ESM: How to rise to meet new service management challenges
We hope you all are safe and healthy. It’s our pleasure to bring you our webinar "ESM: How to rise to meet new service management challenges," featuring Forrester Principal Analyst Charles Betz, on May 27 at 9am PDT. With remote work becoming the new norm, service management professionals across companies now need to deliver services remotely. Employees can no longer just walk up to the service desk team when they need something. In this scenario, a single corporate portal that acts as the
ServiceDesk Plus MSP - version 10.5 - Build - 10507 Released
Dear User(s) We released ServiceDesk Plus MSP - version 10.5 - Build - 10507. Please refer to the Migration path table available here and upgrade to our latest build 10507. Behavior changes Agent Uninstall and Agent Remote Control functionalities have been removed from the application. Issues Fixed XSS Vulnerabilities are fixed. CSRF Vulnerabilities are fixed. Privilege escalation vulnerabilities are fixed. Remote code execution vulnerability in the windows agent scan is fixed. XXE vulnerabilities
[Blog] Benefits of Knowledge Management
Organizations that implement and maintain effective knowledge management see a substantial outcome as it helps: Reducing redundant works thus increases productivity and efficiency. Leveraging past experiences help to solve issues quicker. Providing better services to users. Users finding relevant information and resources themselves. Avoiding repeated mistakes. Accessing unique expertise widely. Knowledge management systems are proven effective in helping build more efficient work teams
User/technician API v3 changes over the ESM (11000) release
Dear Customers, Hope you are all aware that we are working on the next version of API (v3) now. We would like to share a part of this API v3 before the ESM release. So customers can be well prepared to adapt the new API changes anytime. Requester/technician related APIs(v1/v2) wont be supported anymore after the ESM (11000) release. You may need to update your existing requester/technician related API's with this latest v3 version. The ESM version has some changes towards the user/technician
[Tips & Tricks] Problem Management made simple
It is the process which is followed to deal with recurring issues and those incidents that don't have a solution so that we could reduce the disruption caused to the Service and increase the satisfaction of the End Users. Just like in comic books, Problem Management is one of the Heroes that could help in finding out the root causes and solutions to fix what goes wrong. Best Practices: Identify: The issue that proves to be recurring and pain should be identified in order to be considered as a Problem
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Desktop Central server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
[Tips & Tricks] HelpDesk Admin
Hello folks, We had quite a lot of users requesting for a role that provides full access to helpdesk management. Thus reduces the workload of SDAdmin. Upon discussing with many of our users, we have now introduced default "Helpdesk Config role" that allows to perform all request related customizations/operations across ServiceDesk. A technician associated with this role can perform periodic reviews and amendments of existing process, cascading knowledge update to the team and driving/leading the
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
[Community Digest] ServiceDesk Plus - April 2020
Here is the recap of activities that happened in the month of April 2020! Product news: End of Life for API v1 for the request module Build releases - 11110, 11111, 11112 and their Release notes. User Education and Resources: Quick tips to create an effective remote access plan for your organization 7 ITIL® 4 tips for service professionals by the ITIL 4 co-author | ITIL 4 overview, benefits & more Configuring CIs, CI types, and relationships using CMDB in ServiceDesk Plus Our star PitStopper Gary
Deprecating Older API Versions
Hi All, All APIs provided by Desktop Central will be migrated from versions 1.0 and 1.1 to 1.2 and 1.3. Versions 1.2 and 1.3 are both supported for all API URIs, but it is recommended to use v1.3. We request all our users to migrate to the newer versions as soon as possible; the older versions will become non-functional with the upcoming build releases. The difference in structure of APIs is as follows: Old: Server_name/api/1.0(or 1.1)/desktop/authentication New: Server_name/api/1.2(or 1.3)/desktop/authentication
Extending our Live Chat support
Dear users, We are all dealing with the uncertainty around COVID-19 impacting people and countries around the world, teams everywhere are moving to remote work. We are committed to helping our users in all possible ways during this crisis. In addition to our online chat support for the US time zone, we have now extended our chat support for the UK time zone. Our support agents can be reached instantly on our support portal during the window of time mentioned below, Europe Time Window: US Time Window:
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Vulnerability Manager Plus repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Patch Manager Plus repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch in the
ManageEngine OpManager is offering free, 24x7 tech support to its customers
Greetings from the ManageEngine OpManager team! Due to the global pandemic, maintaining business continuity has become quite tricky. Network uptime monitoring, bandwidth monitoring, firewall log analysis, port monitoring, and VPN management have all become major challenges now that IT admins have to carry these out while working remotely. During uncertain times like these, we all need to do our part to help. ManageEngine wants to do its part by increasing the availability of its support team. OpManager's
RecoveryManager Plus rolls out Build 6015
We are glad to release the latest version of RecoveryManager Plus build 6015 which adds a couple of new features and enhancements. New features: Backup storage in Azure: Store your Office 365 and Exchange backups in Azure Blob Storage and Azure file shares. Custom technician roles: Curate your own technician roles and provide varying levels of administrative privileges to end users based on your needs. Enhancements: Database backup: You can now backup Elasticsearch nodes configured in the product.
All Windows versions compromised due to critical Zero-day vulnerabilities
Hello folks, Two critical zero-day vulnerabilities have been discovered in Windows Adobe Type Manager Library. Both these vulnerabilities are unpatched and allows attackers to take remote control of the systems affected (Remote Code Execution vulnerability). As of now, the attacks are not widespread and only limited targeted systems are hit. Versions affected All versions of the Windows Operating system is susceptible to attacks including Windows version 10, 8.1, 7, and Server 2008, 2012, 2016,
[DidYouKnow-36] Contract Management life cycle
ServiceDesk Plus Contract Management helps you to organize and centralize contract tracking. The primary objective of contract management is to maintain a complete record of contracts of your organization with third-party vendors. You can track different types of contracts that are for lease, software licenses, support, maintenance, warranty, etc. Contract Management life cycle: New contract submission: You can create a new contract at [Contracts tab -> New contract ] provide the details of your
[Blog] Critical System Failure using Request Life Cycle: A Short Overview
Critical Systems Failure is a phrase that even the most experienced IT professionals do not want to hear. Imagine your first day as an IT engineer with your team, and a file server storing all your critical data has crashed. How would you and your team react? Of course, there were Disaster Recovery arrangements in place and you have hopes of getting it online with the least overhead cost to the business. However, who has the authorization to execute the DR plans? Who has the permissions and skill
ManageEngine recognized in Gartner Magic Quadrant for Application Performance Monitoring, again!
We are pleased to announce that leading analyst firm, Gartner, has recognized ManageEngine in its Magic Quadrant for Application Performance Monitoring for the eighth time in a decade! Download the report here Organizations need an optimal application performance monitoring tool to ensure a quality end-user experience. In the Magic Quadrant report, we believe Gartner provides detailed evaluations of 15 vendors based on specific criteria such as digital experience monitoring (DEM); application discovery,
ServiceDesk Plus MSP - version 10.5 - Build - 10506 Released
Dear User(s) We released ServiceDesk Plus MSP - version 10.5 - Build - 10506. Please refer to the Migration path table available here and upgrade to our latest build 10506. Issues Fixed XSS Vulnerabilities are fixed. CSRF Vulnerabilities are fixed. Privilege escalation vulnerabilities are fixed. SDPMSP-14905: Unable to view a Request in certain cases is fixed. SDPMSP-14883: Upgrade from 10500 to 10504 / 10505 got failed is fixed. SDPMSP-14746: SQL injection vulnerability detected in the unused sources
[Survey] The state of ITSM in the COVID-19 pandemic
Dear Users, We hope you are safe and healthy. Since organizations around the world have mandated work-from-home policies for their workers, IT teams are facing new challenges in delivering services effectively. To understand how IT service desk teams have risen to the occasion, we have decided to conduct a five-minute survey among IT admins and service desk staff to record their experience with remote work, especially in the areas of remote support tools, automation and self-service, and IT budgets
[Tips & Tricks] Ensure your business continuity using ServiceDesk Plus
As the world embraces the remote work policies due to the coronavirus pandemic, ServiceDesk Plus Team would like to help you in BCP. Here are some of the key features in ServiceDesk which will help you to to do this, Service Request: > Backup Approver: Having a backup approver set, the application automatically delegates the approval process in case of technician unavailability > ZIA approval: ZIA is a learning AI assistant that can take the approval process based on the keywords in the email. As
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. Search
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Desktop Central server and the Central Patch repository. Search for the following
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. Search for the
[Tips & Tricks] Quick actions in ServiceDesk
As the name suggests you can do all the basic ServiceDesk Plus actions quickly in a single click using the Quick Actions option. Being a ServiceDesk Plus admin or technician, you should be doing a lot of multi-tasking on a day to day basis. While working on an Incident you might be getting the task of scanning a new asset or send a quick message regarding an outage or add a new software license or add a new solution in the application. In such scenarios, switching to other modules and going to the
[DidYouKnow-35] Customize request templates
Colors can make you look away or draw you in. It has the ability to create emotions as powerful as music can. Colors help us instantly understand our environment. It is fundamentally important to our everyday life as it is all around us all the time, helps the human mind to relate and respond to our world. With ServiceDesk Plus build 11110, we introduced an enhancement to customize request templates with colors, fonts, font sizes, background color, label placements and so on.
Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality. To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus MSP console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploiting
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality. To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploiting this
Important Notice for users migrating to 11108
Dear User, We deeply regret the inconvenience caused. We have identified an issue with this 11108 migration and this ppm has been revoked from our site. Users who had installed build 9.2 or older and had gradually migrated to 11106 will face migration issue while upgrading to 11108. We have identified the issue and are working on a fix. So we request users who had downloaded the ppm, to not apply it in their environment. Customers who started on builds greater than 9.2 and gradually had upgraded
[On-demand webinar] IT admin's guide to enabling organizational visibility
Sign up to watch our on-demand webinar on how IT admins can enable cross-functional visibility across the organization. During the session, we'll show you how analytics can help, Eliminate complex compliance, monitoring, and visibility issues. Efficiently unify disparate and complex business data spread across departments and functions. Provide decision-makers with a comprehensive overview via cross-functional reports and dashboards. Secure access to critical business data based on roles and permissions.
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Vulnerability Manager Plus, initiate a sync between the Vulnerability Manager Plus server
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Patch Manager Plus server and the Central
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Desktop Central, initiate a sync between the Desktop Central server and the Central Patch
ServiceDesk Plus 11110 Released
Dear Users, We are glad to announce the release of latest servicepack 11110 for ServiceDesk Plus. This servicepack includes new enhancements , behaviour changes and Issue fixes. Enhancements : Unified Activities for Request & Tasks Technicians can now view requests in Classic View or choose to view both requests and tasks in Combined View, depending on their convenience. Click here to learn more about the classic view and click here to learn more about the combined view. Move Requests Across Instances
Next Page