CVE-2023-34197

MEDIUM

Zoho ManageEngine <14202-14300 - Privilege Escalation

Title source: llm

Description

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.

References (1)

Core 1

Core References

Vendor Advisory

https://www.manageengine.com/products/service-desk/CVE-2023-34197.html

Scores

CVSS v3 5.4

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (6)

zohocorp/manageengine_servicedesk_plus 14.2 14200 (2 CPE variants)

zohocorp/manageengine_servicedesk_plus < 14.2

zohocorp/manageengine_servicedesk_plus_msp 14.2 14200 (3 CPE variants)

zohocorp/manageengine_servicedesk_plus_msp < 14.2

zohocorp/manageengine_supportcenter_plus 14.2 14200 (2 CPE variants)

zohocorp/manageengine_supportcenter_plus < 14.2

Published Jul 07, 2023

Tracked Since Feb 18, 2026