CVE ID : CVE-2023-34197
|Product Name||Severity||Affected Version(s)||Fixed Version||Fixed On|
|ServiceDesk Plus||Low||14201 and below||14202||May 06, 2023|
|ServiceDesk Plus MSP||Low||14202 and below||14300||June 19, 2023|
|SupportCenter Plus||Low||14201 and below||14300||June 19, 2023|
A privilege escalation vulnerability in the Release module allowed unprivileged users to access the Reminders of a release ticket and modify it.
The vulnerability can be exploited by unprivileged users to view, create, edit or delete reminders for Releases.
Steps to upgrade
This vulnerability was reported by 4rth4s on our bug bounty portal.
If you have any questions or concerns, please contact product support at the email addresses below.
ServiceDesk Plus: firstname.lastname@example.org
ServiceDesk Plus MSP: email@example.com
SupportCenter Plus: firstname.lastname@example.org