
CVE-2023-35854

Published: 20/06/2023 Updated: 11/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."


zohocorp manageengine adselfservice plus 6.1

zohocorp manageengine adselfservice plus

Github Repositories

A simple vulnerability library

cve-2023-35854
[CVE ID] CVE-2023-35854
[PRODUCT] Zoho ManageEngine ADSelfService Plus
[VERSION] Zoho ManageEngine ADSelfService Plus - 6113 and prior
[PROBLEM TYPE] Authentication Bypass Vulnerability
[DESCRIPTION] Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofi
