Issues Fixed in 9415

Vulnerability :

  • SD-72109 : XSS vulnerability found in the asset details page is fixed.
  • SD-71576 : XSS vulnerability found in Change Calendar is fixed.
  • SD-72080 : Directory traversal vulnerability found in file upload is fixed.
  • SD-71495 : ZipSlip vulnerability found in distributed asset scan is fixed.
  • SD-72568 : Vulnerability in deletion of default license types is fixed.
  • SD-68282 : No alert message is displayed, warning about the impacted scan types when we enable “Stop uploading scanned XMLs via non-login URL” under the Security Settings.
  • SD-71928 : Privilege Escalation Vulnerability in project module Gantt view.
  • SD-69108 : Security response headers are missing in the login form.
  • SD-71704, 71703, 71702, 71676, 71675, 71674 : GET URLs replaced with POST URLs.
  • SD-71595 : Vulnerability : Able to create a table and copy data in MSSQL.
  • SD-66826 : Vulnerable HTTP method (OPTIONS) disabled.

Requests :

  • SD-72141 : In the request history, Before Modification and After Modification sections with regards to Description changes are not displayed.

Assets :

  • SD-71491, 71490 : Failure exception message displayed during network scan is fixed.
Build Release

You may be interested in these other recent articles

29 Jun

Gartner® Magic Quadrant™ Recognising ManageEngine for the 10th time!

29 June 2022 | Nazim Nadir


Gartner® Magic Quadrant™ is a great way to gain objective insights into application performance monitoring (APM) market and its vendors. ManageEngine Applications Manager and site24x7…

Read more
18 Feb

ManageEngine’s IAM and Cybersecurity On-Demand Events Hub

18 February 2022 | Joshua Ball


Watch webinars on demand and listen to podcasts at your convenience. ManageEngine has launched their IAM and Cybersecurity on-demand events hub, a one-stop shop for on-demand webinars and podcasts. At the on-demand events hub, you’ll find:   Carefully curated on-demand webinars from seven unique categories. Over 40 podcast episodes (and counting) on IAM and cybersecurity from three different podcast shows. ​ The webinars and podcasts are regularly updated, so watch this space to ensure you don’t miss out on the latest episodes!​​ Sign up today by clicking here. To find out more…

Read more
8 Sep

ManageEngine positioned in the Gartner® Magic Quadrant™ for ITSM Tools for the second consecutive year

8 September 2021 | Nigel Arnold


The 2021 Gartner® Magic Quadrant™ for IT Service Management Tools is out, and ManageEngine has been included in this year’s report. This is the second…

Read more