← Back

CVE-2023-34197

nvd nist
Published: Jul 7, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.

Affected (10)

Zohocorp
3 products
Manageengine Servicedesk Plus
Manageengine Servicedesk Plus Msp
Manageengine Supportcenter Plus
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus
Before 14.2
Manageengine Servicedesk Plus
Version 14.2 14200
Manageengine Servicedesk Plus
Version 14.2 14201
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus Msp
Before 14.2
Manageengine Servicedesk Plus Msp
Version 14.2 14200
Manageengine Servicedesk Plus Msp
Version 14.2 14201
Manageengine Servicedesk Plus Msp
Version 14.2 14202
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Supportcenter Plus
Before 14.2
Manageengine Supportcenter Plus
Version 14.2 14200
Manageengine Supportcenter Plus
Version 14.2 14201

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.