THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-35854

Assignermitre
Reserved2023-06-19
Published2023-06-20
Updated2024-07-08

Description

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."

References

https://www.manageengine.com

https://github.com/970198175/Simply-use

cve.org CVE-2023-35854

nvd.nist.gov CVE-2023-35854

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-35854