ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities

2023-03-15T00:00:00

Description

The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. It is, therefore, affected by multiple vulnerabilities, including the following: - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates memory by sending a small image file with a large size defined in the header, causing the application to crash or become unresponsive. (CVE-2023-26601) - Privilege escalation vulnerability in query reports allows an attacker to gain access to restricted data in a Postgres database system by utilizing a certain PostgreSQL function in the query, allowing the validation process to be bypassed. (CVE-2023-26600) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "MANAGEENGINE_SERVICEDESK_14104.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities", "description": "The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates memory by sending a small image file with a large size defined in the header, causing the application to crash or become unresponsive. (CVE-2023-26601)\n\n - Privilege escalation vulnerability in query reports allows an attacker to gain access to restricted data in a Postgres database system by utilizing a certain PostgreSQL function in the query, allowing the validation process to be bypassed. (CVE-2023-26600)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-03-15T00:00:00", "modified": "2023-05-04T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/172578", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26601", "http://www.nessus.org/u?e27c2350", "http://www.nessus.org/u?e3bf854f", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26600", "http://www.nessus.org/u?eb990e39"], "cvelist": ["CVE-2023-26600", "CVE-2023-26601"], "immutableFields": [], "lastseen": "2023-05-17T16:43:25", "viewCount": 10, "enchantments": {"score": {"value": 7.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2023-26600", "CVE-2023-26601"]}, {"type": "nessus", "idList": ["MANAGEENGINE_ASSETEXPLORER_6988.NASL", "MANAGEENGINE_SUPPORTCENTER_14000.NASL", "MANAGEENGINE_SUPPORTCENTER_14001.NASL"]}, {"type": "zdi", "idList": ["ZDI-23-229", "ZDI-23-230"]}]}, "epss": [{"cve": "CVE-2023-26600", "epss": 0.00087, "percentile": 0.35952, "modified": "2023-05-02"}, {"cve": "CVE-2023-26601", "epss": 0.00064, "percentile": 0.2601, "modified": "2023-05-02"}], "vulnersScore": 7.6}, "_state": {"score": 1684342029, "dependencies": 1684381875, "epss": 0}, "_internal": {"score_hash": "0569b2bda53469b26cf629b06aa7885b"}, "pluginID": "172578", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172578);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/04\");\n\n script_cve_id(\"CVE-2023-26600\", \"CVE-2023-26601\");\n script_xref(name:\"IAVA\", value:\"2023-A-0129-S\");\n\n script_name(english:\"ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. \nIt is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates \n memory by sending a small image file with a large size defined in the header, causing the application to crash \n or become unresponsive. (CVE-2023-26601)\n\n - Privilege escalation vulnerability in query reports allows an attacker to gain access to restricted data in a \n Postgres database system by utilizing a certain PostgreSQL function in the query, allowing the validation \n process to be bypassed. (CVE-2023-26600)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's\nself-reported version number.\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb990e39\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26601.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e27c2350\");\n # https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme140\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e3bf854f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine ServiceDesk Plus version 14.0 Build 14001, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_servicedesk_plus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_servicedesk_detect.nasl\");\n script_require_keys(\"installed_sw/manageengine_servicedesk\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar appname = 'ManageEngine ServiceDesk Plus';\n\nvar port = get_http_port(default:8080);\nvar app_info = vcf::zoho::servicedesk::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '14.1.14104', 'fixed_display': '14.1 Build 14104'} \n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:zohocorp:manageengine_servicedesk_plus"], "solution": "Upgrade to ManageEngine ServiceDesk Plus version 14.0 Build 14001, or later.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2023-26600", "vendor_cvss2": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N"}, "vendor_cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2023-01-24T00:00:00", "vulnerabilityPublicationDate": "2023-01-24T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-17T16:44:12", "description": "The version of ManageEngine AssetExplorer prior to 6.9 Build 6988 is running on the remote web server. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres database system by utilizing a certain PostgreSQL function in the query, allowing the validation process to be bypassed. (CVE-2023-26600)\n\n - A Denial of Service vulnerability in image upload. This vulnerability allows an attacker to exploit the way an API method allocates memory by sending a small image file with a large size defined in the header, causing the application to crash or become unresponsive. (CVE-2023-26601)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-17T00:00:00", "type": "nessus", "title": "ManageEngine AssetExplorer < 6.9 Build 6988 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-26600", "CVE-2023-26601"], "modified": "2023-05-04T00:00:00", "cpe": ["cpe:/a:zoho:manageengine_assetexplorer"], "id": "MANAGEENGINE_ASSETEXPLORER_6988.NASL", "href": "https://www.tenable.com/plugins/nessus/172640", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172640);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/04\");\n\n script_cve_id(\"CVE-2023-26600\", \"CVE-2023-26601\");\n script_xref(name:\"IAVA\", value:\"2023-A-0129-S\");\n\n script_name(english:\"ManageEngine AssetExplorer < 6.9 Build 6988 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine AssetExplorer prior to 6.9 Build 6988 is running on the remote \nweb server. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A privilege escalation vulnerability in query reports. This vulnerability allows an\n attacker to gain access to restricted data in a Postgres database system by utilizing\n a certain PostgreSQL function in the query, allowing the validation process to be\n bypassed. (CVE-2023-26600)\n\n - A Denial of Service vulnerability in image upload. This vulnerability allows an\n attacker to exploit the way an API method allocates memory by sending a small image\n file with a large size defined in the header, causing the application to crash or\n become unresponsive. (CVE-2023-26601)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb990e39\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26601.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e27c2350\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade ManageEngine AssetExplorer to version 6.9 Build 6988 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zoho:manageengine_assetexplorer\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 Tenable, Inc.\");\n\n script_dependencies(\"manageengine_assetexplorer_detect.nasl\");\n script_require_keys(\"installed_sw/ManageEngine AssetExplorer\");\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\ninclude('vcf_extras_zoho.inc');\n\nvar appname = 'ManageEngine AssetExplorer';\nvar port = get_http_port(default:8080);\n\nvar app_info = vcf::zoho::fix_parse::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '6988', 'fixed_display' : '6.9 Build 6988'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:13", "description": "The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14001 is running on the remote web server. It is, therefore, affected by a denial of service vulnerability:\n\n- A Denial of Service vulnerability in image upload. This vulnerability allows an attacker to exploit the way an API method allocates memory by sending a small image file with a large size defined in the header, causing the application to crash or become unresponsive. (CVE-2023-26601)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-17T00:00:00", "type": "nessus", "title": "ManageEngine SupportCenter Plus < 14.0 Build 14001 DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-26601"], "modified": "2023-05-04T00:00:00", "cpe": ["cpe:/a:manageengine:supportcenter_plus"], "id": "MANAGEENGINE_SUPPORTCENTER_14001.NASL", "href": "https://www.tenable.com/plugins/nessus/172641", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172641);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/04\");\n\n script_cve_id(\"CVE-2023-26601\");\n script_xref(name:\"IAVA\", value:\"2023-A-0129-S\");\n\n script_name(english:\"ManageEngine SupportCenter Plus < 14.0 Build 14001 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14001 is running on the remote \nweb server. It is, therefore, affected by a denial of service vulnerability:\n\n- A Denial of Service vulnerability in image upload. This vulnerability allows an\nattacker to exploit the way an API method allocates memory by sending a small image\nfile with a large size defined in the header, causing the application to crash or\nbecome unresponsive. (CVE-2023-26601)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's\nself-reported version number.\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26601.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e27c2350\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine SupportCenter Plus version 14.0 Build 14001, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26601\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:manageengine:supportcenter_plus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 Tenable, Inc.\");\n\n script_dependencies(\"manageengine_supportcenter_detect.nasl\");\n script_require_keys(\"installed_sw/ManageEngine SupportCenter\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:8080);\nvar appname = 'ManageEngine SupportCenter';\n\nvar app_info = vcf::zoho::fix_parse::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '14001', 'fixed_display' : '14.0 Build 14001'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:44:13", "description": "The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following:\n\n- A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres database system by utilizing a certain PostgreSQL function in the query, allowing the validation process to be bypassed. (CVE-2023-26600)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-17T00:00:00", "type": "nessus", "title": "ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-26600"], "modified": "2023-05-04T00:00:00", "cpe": ["cpe:/a:manageengine:supportcenter_plus"], "id": "MANAGEENGINE_SUPPORTCENTER_14000.NASL", "href": "https://www.tenable.com/plugins/nessus/172639", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172639);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/04\");\n\n script_cve_id(\"CVE-2023-26600\");\n script_xref(name:\"IAVA\", value:\"2023-A-0129-S\");\n\n script_name(english:\"ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by a privilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote \nweb server. It is, therefore, affected by the following:\n\n- A privilege escalation vulnerability in query reports. This vulnerability allows an\nattacker to gain access to restricted data in a Postgres database system by utilizing\na certain PostgreSQL function in the query, allowing the validation process to be\nbypassed. (CVE-2023-26600)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's\nself-reported version number.\");\n # https://www.manageengine.com/products/service-desk/CVE-2023-26600.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb990e39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine SupportCenter Plus version 14.0 Build 14000, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:manageengine:supportcenter_plus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 Tenable, Inc.\");\n\n script_dependencies(\"manageengine_supportcenter_detect.nasl\");\n script_require_keys(\"installed_sw/ManageEngine SupportCenter\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:8080);\nvar appname = 'ManageEngine SupportCenter';\n\nvar app_info = vcf::zoho::fix_parse::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '14000', 'fixed_display' : '14.0 Build 14000'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-05-31T17:48:05", "description": "Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-06T22:15:00", "type": "cve", "title": "CVE-2023-26601", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26601"], "modified": "2023-03-13T17:44:00", "cpe": ["cpe:/a:zohocorp:manageengine_servicedesk_plus_msp:14.0", "cpe:/a:zohocorp:manageengine_supportcenter_plus:14.0", "cpe:/a:zohocorp:manageengine_servicedesk_plus:14.1", "cpe:/a:zohocorp:manageengine_assetexplorer:6.9"], "id": "CVE-2023-26601", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26601", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*"]}, {"lastseen": "2023-05-31T17:48:05", "description": "ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-06T20:15:00", "type": "cve", "title": "CVE-2023-26600", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26600"], "modified": "2023-03-13T17:47:00", "cpe": ["cpe:/a:zohocorp:manageengine_supportcenter_plus:11.0", "cpe:/a:zohocorp:manageengine_servicedesk_plus:14.1", "cpe:/a:zohocorp:manageengine_servicedesk_plus_msp:13.0", "cpe:/a:zohocorp:manageengine_assetexplorer:6.9"], "id": "CVE-2023-26600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26600", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11027:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11026:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13004:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2023-05-31T21:22:55", "description": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImageUploadServlet. The issue results from the lack of proper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-09T00:00:00", "type": "zdi", "title": "ManageEngine ServiceDesk Plus ImageUploadServlet Improper Input Validation Denial-of-Service Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26601"], "modified": "2023-03-09T00:00:00", "id": "ZDI-23-230", "href": "https://www.zerodayinitiative.com/advisories/ZDI-23-230/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-31T21:22:56", "description": "This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The issue results from the lack of proper validation of user-supplied data. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-09T00:00:00", "type": "zdi", "title": "ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26600"], "modified": "2023-03-09T00:00:00", "id": "ZDI-23-229", "href": "https://www.zerodayinitiative.com/advisories/ZDI-23-229/", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}]}

ManageEngine ServiceDesk Plus &lt; 14.0 Build 14104 Multiple Vulnerabilities

Description

Related

ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities