CVE-2023-26600

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

Published: Mar 6, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-26600
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_supportcenter_plus	11.0-11014	11.0-11014.x
zohocorp / manageengine_supportcenter_plus	11.0-11013	11.0-11013.x
zohocorp / manageengine_supportcenter_plus	11.0-11012	11.0-11012.x
zohocorp / manageengine_supportcenter_plus	11.0-11011	11.0-11011.x
zohocorp / manageengine_supportcenter_plus	11.0-11010	11.0-11010.x
zohocorp / manageengine_supportcenter_plus	11.0-11009	11.0-11009.x
zohocorp / manageengine_supportcenter_plus	11.0-11008	11.0-11008.x
zohocorp / manageengine_supportcenter_plus	11.0-11007	11.0-11007.x
zohocorp / manageengine_supportcenter_plus	11.0-11006	11.0-11006.x
zohocorp / manageengine_supportcenter_plus	11.0-11005	11.0-11005.x
zohocorp / manageengine_supportcenter_plus	11.0-11004	11.0-11004.x
zohocorp / manageengine_supportcenter_plus	11.0-11003	11.0-11003.x
zohocorp / manageengine_supportcenter_plus	11.0-11002	11.0-11002.x
zohocorp / manageengine_supportcenter_plus	11.0-11001	11.0-11001.x
zohocorp / manageengine_supportcenter_plus	11.0-11000	11.0-11000.x
zohocorp / manageengine_supportcenter_plus	11.0	11.0.x
zohocorp / manageengine_supportcenter_plus	11.0-11015	11.0-11015.x
zohocorp / manageengine_supportcenter_plus	11.0-11016	11.0-11016.x
zohocorp / manageengine_supportcenter_plus	11.0-11017	11.0-11017.x
zohocorp / manageengine_supportcenter_plus	11.0-11018	11.0-11018.x
zohocorp / manageengine_supportcenter_plus	11.0-11019	11.0-11019.x
zohocorp / manageengine_supportcenter_plus	-	11.0
zohocorp / manageengine_supportcenter_plus	11.0-11021	11.0-11021.x
zohocorp / manageengine_supportcenter_plus	11.0-11020	11.0-11020.x
zohocorp / manageengine_assetexplorer	6.9-6900	6.9-6900.x
zohocorp / manageengine_assetexplorer	6.9-6901	6.9-6901.x
zohocorp / manageengine_assetexplorer	6.9-6902	6.9-6902.x
zohocorp / manageengine_assetexplorer	6.9-6903	6.9-6903.x
zohocorp / manageengine_assetexplorer	6.9-6904	6.9-6904.x
zohocorp / manageengine_assetexplorer	6.9-6905	6.9-6905.x
zohocorp / manageengine_assetexplorer	6.9-6906	6.9-6906.x
zohocorp / manageengine_assetexplorer	6.9-6907	6.9-6907.x
zohocorp / manageengine_assetexplorer	6.9-6908	6.9-6908.x
zohocorp / manageengine_assetexplorer	6.9-6909	6.9-6909.x
zohocorp / manageengine_assetexplorer	6.9-6950	6.9-6950.x
zohocorp / manageengine_assetexplorer	6.9-6951	6.9-6951.x
zohocorp / manageengine_assetexplorer	6.9-6952	6.9-6952.x
zohocorp / manageengine_assetexplorer	6.9-6953	6.9-6953.x
zohocorp / manageengine_assetexplorer	6.9-6954	6.9-6954.x
zohocorp / manageengine_assetexplorer	6.9-6955	6.9-6955.x
zohocorp / manageengine_assetexplorer	6.9-6956	6.9-6956.x
zohocorp / manageengine_assetexplorer	6.9-6957	6.9-6957.x
zohocorp / manageengine_assetexplorer	6.9-6970	6.9-6970.x
zohocorp / manageengine_assetexplorer	6.9-6971	6.9-6971.x
zohocorp / manageengine_assetexplorer	6.9-6972	6.9-6972.x
zohocorp / manageengine_assetexplorer	6.9-6973	6.9-6973.x
zohocorp / manageengine_assetexplorer	6.9-6974	6.9-6974.x
zohocorp / manageengine_assetexplorer	6.9-6975	6.9-6975.x
zohocorp / manageengine_assetexplorer	6.9-6976	6.9-6976.x
zohocorp / manageengine_assetexplorer	-	6.9
zohocorp / manageengine_supportcenter_plus	11.0-11022	11.0-11022.x
zohocorp / manageengine_supportcenter_plus	11.0-11024	11.0-11024.x
zohocorp / manageengine_supportcenter_plus	11.0-11025	11.0-11025.x
zohocorp / manageengine_assetexplorer	6.9-6980	6.9-6980.x
zohocorp / manageengine_assetexplorer	6.9-6979	6.9-6979.x
zohocorp / manageengine_assetexplorer	6.9-6978	6.9-6978.x
zohocorp / manageengine_assetexplorer	6.9-6977	6.9-6977.x
zohocorp / manageengine_servicedesk_plus_msp	-	13.0
zohocorp / manageengine_servicedesk_plus_msp	13.0-13000	13.0-13000.x
zohocorp / manageengine_assetexplorer	6.9	6.9.x
zohocorp / manageengine_servicedesk_plus_msp	13.0	13.0.x
zohocorp / manageengine_assetexplorer	6.9-6981	6.9-6981.x
zohocorp / manageengine_assetexplorer	6.9-6982	6.9-6982.x
zohocorp / manageengine_servicedesk_plus_msp	13.0-13001	13.0-13001.x
zohocorp / manageengine_servicedesk_plus_msp	13.0-13002	13.0-13002.x
zohocorp / manageengine_servicedesk_plus_msp	13.0-13003	13.0-13003.x
zohocorp / manageengine_assetexplorer	6.9-6986	6.9-6986.x
zohocorp / manageengine_assetexplorer	6.9-6987	6.9-6987.x
zohocorp / manageengine_assetexplorer	6.9-6983	6.9-6983.x
zohocorp / manageengine_assetexplorer	6.9-6984	6.9-6984.x
zohocorp / manageengine_assetexplorer	6.9-6985	6.9-6985.x
zohocorp / manageengine_supportcenter_plus	11.0-11026	11.0-11026.x
zohocorp / manageengine_supportcenter_plus	11.0-11027	11.0-11027.x
zohocorp / manageengine_servicedesk_plus	14.1-14101	14.1-14101.x
zohocorp / manageengine_servicedesk_plus	14.1-14102	14.1-14102.x
zohocorp / manageengine_servicedesk_plus	14.1-14103	14.1-14103.x
zohocorp / manageengine_servicedesk_plus	-	14.1
zohocorp / manageengine_servicedesk_plus	14.1-14100	14.1-14100.x
zohocorp / manageengine_servicedesk_plus_msp	13.0-13004	13.0-13004.x
zohocorp / manageengine_servicedesk_plus	14.1	14.1.x

Vulnerability Database

289,697

CVE-2023-26600