PT-2023-20760 · Zoho · Zoho ManageEngine ServiceDesk Plus +2
Chudypb +1 · Published 2023-03-06 · Updated 2023-03-13 · CVE-2023-26601
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ServiceDesk Plus versions through 14104
Zoho ManageEngine Asset Explorer versions through 6987
Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14000
Zoho ManageEngine Support Center Plus versions prior to 14000
Description
The issue allows for Denial-of-Service (DoS). It is related to improper input validation in the ImageUploadServlet of ManageEngine ServiceDesk Plus.
Recommendations
For Zoho ManageEngine ServiceDesk Plus versions through 14104, update to a version after 14104 to resolve the issue.
For Zoho ManageEngine Asset Explorer versions through 6987, update to a version after 6987 to resolve the issue.
For Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14000, update to version 14000 or later to resolve the issue.
For Zoho ManageEngine Support Center Plus versions prior to 14000, update to version 14000 or later to resolve the issue.
As a temporary workaround, consider restricting access to the ImageUploadServlet to minimize the risk of exploitation.
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Zoho ManageEngine Asset Explorer
Zoho ManageEngine ServiceDesk Plus
Zoho ManageEngine Support Center Plus