Privilege Escalation via Query Reports in ManageEngine ServiceDesk Plus and Related Products

Privilege Escalation via Query Reports in ManageEngine ServiceDesk Plus and Related Products

CVE-2023-26600 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

Learn more about our Web Application Penetration Testing UK.