CVE-2023-26600

MEDIUM

ManageEngine - Privilege Escalation

Title source: llm

Description

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

References (2)

Core 2

Core References

Product

https://manageengine.com

Vendor Advisory

https://www.manageengine.com/products/service-desk/CVE-2023-26600.html

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 44.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Products (5)

zohocorp/manageengine_assetexplorer 6.9 (37 CPE variants)

zohocorp/manageengine_assetexplorer < 6.9

zohocorp/manageengine_servicedesk_plus 14.1 (5 CPE variants)

zohocorp/manageengine_servicedesk_plus < 14.1

zohocorp/manageengine_servicedesk_plus_msp 13.0 (6 CPE variants)

Published Mar 06, 2023

Tracked Since Feb 18, 2026