False Positive in Manage engine detection

sur · June 13, 2019, 7:10pm

OpenVas is reporting that it has found " ZOHO ManageEngine ServiceDesk Plus (SDP) Multiple Vulnerabilities - Feb15" vulnerability running version “ZOHO ManageEngine ServiceDesk Plus (SDP) version before 9.0 build 9031”

But in the discovery phase it has the found the version to be 10.5 which is latest.

 ManageEngine ServiceDesk Plus Detection
Port			:	8080/tcp
Result		:
Detection of installed version of ManageEngine ServiceDesk Plus.

 This script sends HTTP GET request and try to get the version from the response, and sets the result in KB.
Detected ManageEngine ServiceDesk Plus

Version:       10.5
Location:      /
CPE:           cpe:/a:manageengine:servicedesk_plus:10.5:build10500

Concluded from version/product identification result:
10.5-build10500

I have checked manually the version is latest.
emphasized text

ckuerste · June 17, 2019, 1:36am

Thanks for reporting this.

The ServiceDesk Plus detection should soon get an update and along the path we will take care of this.

_OR · June 24, 2019, 7:25am

Hello,
The ServiceDesk Plus detection and the vulnerability tests have been updated. They will be in the feed tomorrow.
An Update of the Detection for the MSP Edition of ServiceDesk Plus will follow soon.
Please let us know, if the updates fix this False Positive in your case.

_OR · June 25, 2019, 1:20pm

Updated product detections for ‘ManageEngine ServiceDesk Plus’ and ‘ManageEngine ServiceDesk Plus MSP’ are now in the feed. All related vulnerability detections have been updated too.

sur · June 28, 2019, 2:26am

Yes thank you the false positive has been fixed