ServiceDesk Plus 9103 Released
Dear Users,
SD-60088 : 'X-Powered-By' response header has been removed toprotect the server details.
SD-60099 : XSS vulnerability in login page.
SD-60096 : XSS vulnerability when adding new software license type and option.
SD-59982 : Vulnerable file attachment URL in software details page.
SD-60095 : XSS vulnerability while sending the report by email.
SD-60076, SD-60097 : XSS vulnerability in input parameters of 'Addnew task' (module & from).
SD-60092 : XSS vulnerability in input parameter (UNIQUE_ID) of Solution module.
SD-60093 : XSS vulnerability in email notification window.
SD-60094 : XSS Vulnerability in request template, reminder andtechnician calendar.
SD-60123 : Low privileged user can update the incident details.
SD-60175 : Data loss in request closure code and closure comments, whenthe 'Closed' status' name is customized by the user.
SD-59635 : Auto suggest solution is not shown in Swedish language when anew request is created.
SD-59640 : Unable to save the Active Directory / LDAP Schedule import inIE & Chrome browsers.
SD-59049 : While assigning the users to a 'change' role ,if therole name contains non-english characters , the alert pop-up showsgarbled message .
SD-60122 : Access to problem and change details for an unprivileged useralong with SQL and XSS vulnerability.
Please refer to the below link for the steps to install the patch.
https://www.manageengine.com/products/service-desk/service-packs.html#sp
Regards,
Edwin Vasantha Kumar
Servicedesk Plus Team
SDP 9103 has been released and can be downloaded from the URL below
https://www.manageengine.com/products/service-desk/service-packs.html
https://www.manageengine.com/products/service-desk/service-packs.html
Issues fixed in 9103:
SD-60088 : 'X-Powered-By' response header has been removed toprotect the server details.
SD-60099 : XSS vulnerability in login page.
SD-60096 : XSS vulnerability when adding new software license type and option.
SD-59982 : Vulnerable file attachment URL in software details page.
SD-60095 : XSS vulnerability while sending the report by email.
SD-60076, SD-60097 : XSS vulnerability in input parameters of 'Addnew task' (module & from).
SD-60092 : XSS vulnerability in input parameter (UNIQUE_ID) of Solution module.
SD-60093 : XSS vulnerability in email notification window.
SD-60094 : XSS Vulnerability in request template, reminder andtechnician calendar.
SD-60123 : Low privileged user can update the incident details.
SD-60175 : Data loss in request closure code and closure comments, whenthe 'Closed' status' name is customized by the user.
SD-59635 : Auto suggest solution is not shown in Swedish language when anew request is created.
SD-59640 : Unable to save the Active Directory / LDAP Schedule import inIE & Chrome browsers.
SD-59049 : While assigning the users to a 'change' role ,if therole name contains non-english characters , the alert pop-up showsgarbled message .
SD-60122 : Access to problem and change details for an unprivileged useralong with SQL and XSS vulnerability.
Please refer to the below link for the steps to install the patch.
https://www.manageengine.com/products/service-desk/service-packs.html#sp
Regards,
Edwin Vasantha Kumar
Servicedesk Plus Team