CVE-2023-26600

EPSS 0.14%
Veröffentlicht 06.03.2023 20:15:09
Zuletzt bearbeitet 06.03.2025 16:15:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Assetexplorer Version < 6.9

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update-

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6900

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6901

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6902

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6903

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6904

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6905

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6906

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6907

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6908

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6909

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6950

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6951

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6952

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6953

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6954

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6955

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6956

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6957

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6970

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6971

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6972

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6973

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6974

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6975

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6976

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6977

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6978

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6979

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6980

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6981

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6982

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6983

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6984

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6985

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6986

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6987

Zohocorp ≫ Manageengine Servicedesk Plus Version < 14.1

Zohocorp ≫ Manageengine Servicedesk Plus Version14.1 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Version14.1 Update14100

Zohocorp ≫ Manageengine Servicedesk Plus Version14.1 Update14101

Zohocorp ≫ Manageengine Servicedesk Plus Version14.1 Update14102

Zohocorp ≫ Manageengine Servicedesk Plus Version14.1 Update14103

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version < 13.0

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13000

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13001

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13002

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13003

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13004

Zohocorp ≫ Manageengine Supportcenter Plus Version < 11.0

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update-

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11000

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11001

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11002

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11003

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11004

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11005

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11006

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11007

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11008

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11009

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11010

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11011

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11012

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11013

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11014

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11015

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11016

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11017

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11018

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11019

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11020

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11021

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11022

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11024

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11025

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11026

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11027

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.346

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://manageengine.com

Product

https://www.manageengine.com/products/service-desk/CVE-2023-26600.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-26600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26600

EUVD