This is a security advisory regarding the unauthenticated local file disclosure vulnerability in inline image handling in SupportCenter Plus, which has been identified and rectified. This affects users of SupportCenter Plus (all editions) running version 11021 and below.
This issue was reported by our internal security team on our bug bounty portal.
This vulnerability allows adversaries to download local files from the server on which SupportCenter Plus is installed by sending an e-mail to the e-mail address configured in the application with a crafted image URL pointing to the specific file. If the file is present in that location, it gets added as an attachment in the ticket conversation when a technician responds to the ticket or when a notification is triggered for it.
What led to the vulnerability?
The image's URL was not being processed properly when a technician responded to the ticket or when a notification was triggered for the ticket.
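Until the upgrade is applied, inbound ticket mail can be screened for inline image references that are neither embedded (`cid:`) nor ordinary web images. The following is an added example, not ManageEngine's fix or code; the allow-list, the function name `suspicious_inline_images` and the sample message are assumptions constructed for illustration, since the advisory does not describe the form of the crafted URL.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only these reference types are legitimate for inline images.
ALLOWED_SCHEMES = {"cid", "http", "https"}

class _ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value is not None:
                    self.sources.append(value.strip())

def suspicious_inline_images(raw_message: bytes) -> list[str]:
    """Return every <img src> in the message that is not on the allow-list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgSrcCollector()
        collector.feed(part.get_content())
        for src in collector.sources:
            try:
                scheme = urlsplit(src).scheme.lower()
            except ValueError:
                scheme = ""  # unparseable reference: treat as not allowed
            if scheme not in ALLOWED_SCHEMES:
                flagged.append(src)
    return flagged

# Constructed sample message (not taken from a real incident).
SAMPLE = (
    b"From: customer@example.org\r\nTo: support@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p>Hi</p><img src="cid:logo@example.org">'
    b'<img src="https://example.org/banner.png">'
    b'<img src="/placeholder/local/path.txt">\r\n'
)

if __name__ == "__main__":
    print(suspicious_inline_images(SAMPLE))
```

Flagged messages can be quarantined for review before they reach the helpdesk mailbox; the allow-list approach means the check does not depend on knowing the exact reference an adversary would use.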
Who is affected?
This vulnerability affects SupportCenter Plus customers of all editions using versions 11021 and below.
How have we fixed it?
We have added additional checks to process the inline image to avoid the local file disclosure vulnerability.
How to find out if you are affected
Click the Help link in the top-right corner of the SupportCenter Plus web client, and select About from the drop-down to see your current version. If your current version of SupportCenter Plus (all editions) is 11021 or below, your installation is vulnerable.
Please follow this forum post for any further updates regarding this vulnerability.
What you can do
SupportCenter Plus customers who fit the above criteria can upgrade to the latest version (11022) using the appropriate migration path.
Important note: As always, make a copy of the entire SupportCenter Plus installation folder before applying the upgrade, and keep the copy in a separate location. If anything goes wrong during the upgrade, you will have this copy as a backup, which will keep all your settings intact. If you are using a Microsoft SQL Server as a backend database, back up the SupportCenter Plus database before upgrading. Once the upgrade is successfully completed, remember to delete the backup.
We offer our sincerest apologies for any inconvenience this may have caused. If you have any questions or concerns, please reach out to us at firstname.lastname@example.org.
Umashankar
ManageEngine SupportCenter Plus