Denial-of-Service Vulnerability in Zoho ManageEngine Products
CVE-2023-26601

7.5 HIGH

What is CVE-2023-26601?

A Denial-of-Service vulnerability exists in multiple Zoho ManageEngine products, including ServiceDesk Plus and Asset Explorer. The flaw allows attackers to disrupt service availability, potentially leading to significant downtime. Affected versions include ServiceDesk Plus up to 14104 and Asset Explorer up to 6987, as well as earlier versions of ServiceDesk Plus MSP and Support Center Plus. Users are advised to update their products to mitigate the risk associated with this vulnerability.

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
