CVE-2019-12252 (manageengine_servicedesk_plus)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
Source: NIST
CVE-2019-12252 (manageengine_servicedesk_plus)