CRITICAL🇬🇧 English

CVE-2023-35854

CVSS 9.8v3.1pub. 2023-06-20upd. 2024-11-21

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Zohocorp Manageengine Adselfservice Plus

    APP
    Zohocorp
    6.1< 6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-47966CRITICAL9.8⚠ KEVten sam produkt

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...

CVE-2021-40539CRITICAL9.8⚠ KEVten sam produkt

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass wi...

CVE-2025-11250CRITICAL9.1PL ✓ten sam produkt

Authentication Bypass w Zohocorp ManageEngine ADSelfService Plus

CVE-2022-36413CRITICAL9.1ten sam produkt

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a passwo...

CVE-2021-37423CRITICAL9.8ten sam produkt

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.