Varonis Threat Labs identified a SQL injection vulnerability and logical access flaw in the reporting and analytics tool Zendesk Explore. Zendesk, a software-as-a-service products company based in San Francisco, patched the flaws immediately. The vulnerability allowed threat actors to access tickets, comments and conversations in Explore-enabled Zendesk accounts.

Impact

Zendesk customers generally rely on end users submitting support tickets directly via the web. As part of this vulnerability, attackers could register for the ticketing service of their victim's Zendesk account as a new external user. A second flaw is a logical access issue in a query execution API that was configured to run queries without checking whether the "user" had adequate permission to make the call. Threat actors can attach malicious files to tickets to infect endpoints.
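The two flaw classes described above, modelled as an added example that is not Zendesk's code or API: a report-query function with no permission check and a concatenated filter, beside a version that authorizes the caller, scopes results to the caller's account and binds parameters. The table, role names and function names are hypothetical, and the ticket rows are constructed sample data.

```python
import sqlite3

# Constructed sample data; table, role and function names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (id INTEGER, account TEXT, subject TEXT)")
    db.executemany("INSERT INTO tickets VALUES (?, ?, ?)", [
        (1, "acme", "Password reset"),
        (2, "acme", "Invoice question"),
        (3, "globex", "VPN outage"),
    ])
    return db

# Roles allowed to call the reporting query API. Self-registered
# external users ("end_user") are deliberately absent.
REPORTING_ROLES = {"admin", "analyst"}

class Forbidden(Exception):
    """Raised when the caller's role may not execute report queries."""

def run_report_unchecked(db, user, subject_filter):
    """'Before': the caller is never inspected and the filter is
    concatenated into the SQL text, so any registered user reaches
    every account's tickets."""
    sql = ("SELECT id, account, subject FROM tickets "
           "WHERE subject LIKE '%" + subject_filter + "%'")
    return db.execute(sql).fetchall()

def run_report(db, user, subject_filter):
    """'After': authorize first, scope to the caller's account,
    and pass the filter as a bound parameter."""
    if user.get("role") not in REPORTING_ROLES:
        raise Forbidden("role %r may not execute report queries" % user.get("role"))
    sql = ("SELECT id, account, subject FROM tickets "
           "WHERE account = ? AND subject LIKE ?")
    return db.execute(sql, (user["account"], "%" + subject_filter + "%")).fetchall()
```

The authorization check runs before any SQL is built, so a denied caller never reaches the database layer.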

DXC perspective

In addition to updating the software, Zendesk Explore users would be wise to review their digital identity policies and endpoint protection tools.