Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-34197
HistoryJul 07, 2023 - 1:15 p.m.

CVE-2023-34197

2023-07-0713:15:09
[email protected]
web.nvd.nist.gov
2
zoho manageengine
privilege escalation
vulnerability
release module
unprivileged users
access
reminders
modifications

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.003

Percentile

66.2%

JSON

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.

Affected configurations

Nvd
Node
zohocorpmanageengine_servicedesk_plusRange<14.2
OR
zohocorpmanageengine_servicedesk_plusMatch14.214200
OR
zohocorpmanageengine_servicedesk_plusMatch14.214201
Node
zohocorpmanageengine_servicedesk_plus_mspRange<14.2
OR
zohocorpmanageengine_servicedesk_plus_mspMatch14.214200
OR
zohocorpmanageengine_servicedesk_plus_mspMatch14.214201
OR
zohocorpmanageengine_servicedesk_plus_mspMatch14.214202
Node
zohocorpmanageengine_supportcenter_plusRange<14.2
OR
zohocorpmanageengine_supportcenter_plusMatch14.214200
OR
zohocorpmanageengine_supportcenter_plusMatch14.214201
VendorProductVersionCPE
zohocorpmanageengine_servicedesk_plus*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus14.2cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus14.2cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp*cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp14.2cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14200:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp14.2cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14201:*:*:*:*:*:*
zohocorpmanageengine_servicedesk_plus_msp14.2cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14202:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus*cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus14.2cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14200:*:*:*:*:*:*
zohocorpmanageengine_supportcenter_plus14.2cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14201:*:*:*:*:*:*

Related

prion 1
nessus 3
cve 1
cvelist 1
prion
prion
Privilege escalation
2023-07-07 13:15:00
nessus
nessus
ManageEngine ServiceDesk Plus < 14.2 Build 14202
2023-11-15 00:00:00
ManageEngine ServiceDesk Plus MSP < 14.3 Build 14300
2023-11-15 00:00:00
ManageEngine SupportCenter Plus < 14.3 Build 14300
2023-11-15 00:00:00
cve
cve
CVE-2023-34197
2023-07-07 13:15:09
cvelist
cvelist
CVE-2023-34197
2023-07-07 00:00:00

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.003

Percentile

66.2%

JSON
Related for NVD:CVE-2023-34197
prion1nessus3cve1cvelist1