[Security advisory] Important fix released for ITSM products

[Security advisory] Important fix released for ITSM products

Hey there !

 

A critical security vulnerability issue was reported in ServiceDesk Plus, ServiceDesk Plus MSP, AssetExplorer, and SupportCenter Plus in late October, and has been addressed on October 27th, 2022.

 

We had earlier communicated the security advisory and the need to upgrade to all customers, on October 31st, 2022 and followed it up with a reminder on November 21st, 2022. This is a public post addressing the same issue.

 

Issue description:

 

By sending a specially crafted malformed request under specific circumstances, a remote attacker could cause unauthenticated remote code execution due to usage of a vulnerable third party library in the affected server. The library has now been updated to a safer version.

 

Version details:

 

Product Name

Affected Version(s)

Fixed Version(s)

Fixed On

ServiceDesk Plus

14000 series

13000 series

12000 series

11300 series

14004 and above

13012

12009

11315

27th October, 2022

ServiceDesk Plus MSP

13000 series
10600 series
10500 series

13001
10610
10538

27th October, 2022

AssetExplorer

6970 series

6950 series

6900 series

6983 and above

6958

6911

27th October, 2022

SupportCenter Plus

11000 series

11026

28th October, 2022

 

This advisory is applicable only if you had configured SAML-based SSO at least once in the past, regardless of your current SAML-based SSO status.

 

If you're using ManageEngine's unified agent from EndPoint Central for asset discovery, we recommend that you upgrade to the latest version of EndPoint Central 10.1.2220.18.

 

You can upgrade the applications using the relevant links below:

 Severity: 

‚ÄčManageEngine rates the severity level of this vulnerability as Critical.

 

What should the customer do?

 

ManageEngine recommends that you upgrade ServiceDesk Plus, ServiceDesk Plus MSP, AssetExplorer, and SupportCenter Plus, to the latest version immediately.

  1. Download the latest upgrade pack from the following links for the respective products:

  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

 

If you have any questions, please contact our product support at support@servicedeskplus.com.

 

Regards,

ManageEngine ITSM



      New to ADSelfService Plus?

        Resources

                  Related Products