← Back

CVE-2023-26600

nvd nist
Published: Mar 6, 2023Modified: Mar 6, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

Affected (80)

Zohocorp
4 products
Manageengine Assetexplorer
Manageengine Servicedesk Plus
Manageengine Servicedesk Plus Msp
Manageengine Supportcenter Plus
Configuration A
80 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Assetexplorer
Before 6.9
Manageengine Assetexplorer
Version 6.9
Manageengine Assetexplorer
Version 6.9 6900
Manageengine Assetexplorer
Version 6.9 6901
Manageengine Assetexplorer
Version 6.9 6902
Manageengine Assetexplorer
Version 6.9 6903
Manageengine Assetexplorer
Version 6.9 6904
Manageengine Assetexplorer
Version 6.9 6905
Manageengine Assetexplorer
Version 6.9 6906
Manageengine Assetexplorer
Version 6.9 6907
Manageengine Assetexplorer
Version 6.9 6908
Manageengine Assetexplorer
Version 6.9 6909
Manageengine Assetexplorer
Version 6.9 6950
Manageengine Assetexplorer
Version 6.9 6951
Manageengine Assetexplorer
Version 6.9 6952
Manageengine Assetexplorer
Version 6.9 6953
Manageengine Assetexplorer
Version 6.9 6954
Manageengine Assetexplorer
Version 6.9 6955
Manageengine Assetexplorer
Version 6.9 6956
Manageengine Assetexplorer
Version 6.9 6957
Manageengine Assetexplorer
Version 6.9 6970
Manageengine Assetexplorer
Version 6.9 6971
Manageengine Assetexplorer
Version 6.9 6972
Manageengine Assetexplorer
Version 6.9 6973
Manageengine Assetexplorer
Version 6.9 6974
Manageengine Assetexplorer
Version 6.9 6975
Manageengine Assetexplorer
Version 6.9 6976
Manageengine Assetexplorer
Version 6.9 6977
Manageengine Assetexplorer
Version 6.9 6978
Manageengine Assetexplorer
Version 6.9 6979
Manageengine Assetexplorer
Version 6.9 6980
Manageengine Assetexplorer
Version 6.9 6981
Manageengine Assetexplorer
Version 6.9 6982
Manageengine Assetexplorer
Version 6.9 6983
Manageengine Assetexplorer
Version 6.9 6984
Manageengine Assetexplorer
Version 6.9 6985
Manageengine Assetexplorer
Version 6.9 6986
Manageengine Assetexplorer
Version 6.9 6987
Zohocorp
Manageengine Servicedesk Plus
Before 14.1
Manageengine Servicedesk Plus
Version 14.1
Manageengine Servicedesk Plus
Version 14.1 14100
Manageengine Servicedesk Plus
Version 14.1 14101
Manageengine Servicedesk Plus
Version 14.1 14102
Manageengine Servicedesk Plus
Version 14.1 14103
Zohocorp
Manageengine Servicedesk Plus Msp
Before 13.0
Manageengine Servicedesk Plus Msp
Version 13.0
Manageengine Servicedesk Plus Msp
Version 13.0 13000
Manageengine Servicedesk Plus Msp
Version 13.0 13001
Manageengine Servicedesk Plus Msp
Version 13.0 13002
Manageengine Servicedesk Plus Msp
Version 13.0 13003
Manageengine Servicedesk Plus Msp
Version 13.0 13004
Zohocorp
Manageengine Supportcenter Plus
Before 11.0
Manageengine Supportcenter Plus
Version 11.0
Manageengine Supportcenter Plus
Version 11.0 11000
Manageengine Supportcenter Plus
Version 11.0 11001
Manageengine Supportcenter Plus
Version 11.0 11002
Manageengine Supportcenter Plus
Version 11.0 11003
Manageengine Supportcenter Plus
Version 11.0 11004
Manageengine Supportcenter Plus
Version 11.0 11005
Manageengine Supportcenter Plus
Version 11.0 11006
Manageengine Supportcenter Plus
Version 11.0 11007
Manageengine Supportcenter Plus
Version 11.0 11008
Manageengine Supportcenter Plus
Version 11.0 11009
Manageengine Supportcenter Plus
Version 11.0 11010
Manageengine Supportcenter Plus
Version 11.0 11011
Manageengine Supportcenter Plus
Version 11.0 11012
Manageengine Supportcenter Plus
Version 11.0 11013
Manageengine Supportcenter Plus
Version 11.0 11014
Manageengine Supportcenter Plus
Version 11.0 11015
Manageengine Supportcenter Plus
Version 11.0 11016
Manageengine Supportcenter Plus
Version 11.0 11017
Manageengine Supportcenter Plus
Version 11.0 11018
Manageengine Supportcenter Plus
Version 11.0 11019
Manageengine Supportcenter Plus
Version 11.0 11020
Manageengine Supportcenter Plus
Version 11.0 11021
Manageengine Supportcenter Plus
Version 11.0 11022
Manageengine Supportcenter Plus
Version 11.0 11024
Manageengine Supportcenter Plus
Version 11.0 11025
Manageengine Supportcenter Plus
Version 11.0 11026
Manageengine Supportcenter Plus
Version 11.0 11027

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.