Severity : Low
CVE ID : CVE-2022-25245
|Product Name||Affected Version(s)||Fixed Version(s)||Fixed On|
|ServiceDesk Plus||13000 and below||13001||March 9, 2022|
|AssetExplorer||6970 and below||6971||March 9, 2022|
Using the approval login URL, which is used to approve purchase details without a login to the application, non-login users are able to extract vendor currency details.
Users can extract all vendor currency details without logging in to the application.
Steps to upgrade
This issue was reported by Matt on our bug bounty portal.
Please contact the product support for further details at the below mentioned email addresses:
ServiceDesk Plus: email@example.com
For assistance, call us toll-free at +1.888.720.9500