The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14001 is running on the remote web server. It is, therefore, affected by a denial of service vulnerability:

– A Denial of Service vulnerability in image upload. This vulnerability allows an attacker to exploit the way an API method allocates memory by sending a small image file with a large size defined in the header, causing the application to crash or become unresponsive. (CVE-2023-26601)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More