This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists due to improper input validation within the invokeDataUploadTool() function when handling data passed via the fields required to configure the Analytics Plus integration. A remote privileged user can inject and execute arbitrary commands on the system.
Install update from vendor's website.Vulnerable software versions
Zoho ManageEngine ServiceDesk Plus MSP: 10500 - 10610
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?