Privilege Escalation in ManageEngine ServiceDesk Plus and Related Products
CVE-2023-26600

6.5MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus; Manageengine Assetexplorer; Manageengine Servicedesk Plus Msp; Manageengine Servicedesk Plus
Vendor: CVE Published:; 6 March 2023

What is CVE-2023-26600?

The vulnerability in ManageEngine ServiceDesk Plus and several related products allows unauthorized users to escalate their privileges through the manipulation of query reports. This flaw can potentially be exploited to gain elevated access, which could lead to unauthorized actions within the system. Users are urged to apply the necessary patches and updates to mitigate this risk.

References

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-20...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2023
Vulnerability Reserved
Feb 26, 2023

Zohocorp

What is CVE-2023-26600?

References

CVSS V3.1

Timeline