Dear Users,
SDP 9415 has been released and can be downloaded from the URL below,
Vulnerability :
SD-72109 : XSS vulnerability found in the asset details page is fixed.
SD-71576 : XSS vulnerability found in Change Calendar is fixed.
SD-72080 : Directory traversal vulnerability found in file upload is fixed.
SD-71495 : ZipSlip vulnerability found in distributed asset scan is fixed.
SD-72568 : Vulnerability in deletion of default license types is fixed.
SD-68282 : No alert message is displayed, warning about the impacted scan types when we enable "Stop uploading scanned XMLs via non-login URL" under the Security Settings.
SD-71928 : Privilege Escalation Vulnerability in project module Gantt view.
SD-69108 : Security response headers are missing in the login form.
SD-71704, 71703, 71702, 71676, 71675, 71674 : GET URLs replaced with POST URLs.
SD-71595 : Vulnerability : Able to create a table and copy data in MSSQL.
SD-66826 : Vulnerable HTTP method (OPTIONS) disabled.
Requests :
SD-72141 : In the request history, the Before Modification and After Modification sections with regard to Description changes are not displayed.
Assets :
SD-71491, 71490 : Failure exception message displayed during network scan is fixed.
Please refer to the below link for the steps to install the patch.
Note : If users are facing issues when invoking the upgrade process from 9400, refer
post for solution.
Regards,
Edwin Vasantha Kumar
Servicedesk Plus Team