CVE ID: CVE-2023-26600
| Product Name | Severity | Affected Version(s) | Fixed Version | Fixed On |
|---|---|---|---|---|
| ServiceDesk Plus | Medium | 14103 and below | 14104 | Jan. 24, 2023 |
| ServiceDesk Plus MSP | Medium | 13004 and below | 14000 | Jan. 23, 2023 |
| SupportCenter Plus | Medium | 11027 and below | 14000 | Feb. 02, 2023 |
| AssetExplorer | Medium | 6987 and below | 6988 | Jan. 24, 2023 |
This vulnerability allows an attacker to access restricted data in the PostgreSQL database by using a certain PostgreSQL function in the query, which bypasses the validation process.
Users who have access to query reports can access restricted data.
Steps to upgrade
This vulnerability was reported by Piotr Bazydlo (@chudyPB) of Trend Micro's Zero Day Initiative.
If you have any questions or concerns, please contact product support at the email addresses below.
ServiceDesk Plus: firstname.lastname@example.org
ServiceDesk Plus MSP: email@example.com
SupportCenter Plus: firstname.lastname@example.org