Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-35785
HistoryAug 28, 2023 - 8:15 p.m.

CVE-2023-35785

2023-08-2820:15:08
CWE-287
[email protected]
web.nvd.nist.gov
68
cve-2023-35785
zoho manageengine
active directory 360
adaudit plus
admanager plus
asset explorer
cloud security plus
data security plus
eventlog analyzer
log360
log360 ueba
m365 manager plus
m365 security plus
recovery manager plus
servicedesk plus
sharepoint manager plus
support center plus
2fa bypass
totp authenticators
vulnerability
nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Affected configurations

NVD
Node
zohocorpmanageengine_ad360Range<4.3
OR
zohocorpmanageengine_ad360Match4.34300
OR
zohocorpmanageengine_ad360Match4.34302
OR
zohocorpmanageengine_ad360Match4.34303
OR
zohocorpmanageengine_ad360Match4.34304
OR
zohocorpmanageengine_ad360Match4.34305
OR
zohocorpmanageengine_ad360Match4.34306
OR
zohocorpmanageengine_ad360Match4.34308
OR
zohocorpmanageengine_ad360Match4.34309
OR
zohocorpmanageengine_ad360Match4.34310
OR
zohocorpmanageengine_ad360Match4.34312
OR
zohocorpmanageengine_ad360Match4.34313
OR
zohocorpmanageengine_ad360Match4.34314
OR
zohocorpmanageengine_ad360Match4.34315
Node
zohocorpmanageengine_adaudit_plusRange<7.2
OR
zohocorpmanageengine_adaudit_plusMatch7.27200
OR
zohocorpmanageengine_adaudit_plusMatch7.27201
OR
zohocorpmanageengine_adaudit_plusMatch7.27202
Node
zohocorpmanageengine_admanager_plusRange<7.2
OR
zohocorpmanageengine_admanager_plusMatch7.27201
Node
zohocorpmanageengine_assetexplorerRange<6.9
OR
zohocorpmanageengine_assetexplorerMatch6.9-
OR
zohocorpmanageengine_assetexplorerMatch6.96900
OR
zohocorpmanageengine_assetexplorerMatch6.96901
OR
zohocorpmanageengine_assetexplorerMatch6.96902
OR
zohocorpmanageengine_assetexplorerMatch6.96903
OR
zohocorpmanageengine_assetexplorerMatch6.96904
OR
zohocorpmanageengine_assetexplorerMatch6.96905
OR
zohocorpmanageengine_assetexplorerMatch6.96906
OR
zohocorpmanageengine_assetexplorerMatch6.96907
OR
zohocorpmanageengine_assetexplorerMatch6.96908
OR
zohocorpmanageengine_assetexplorerMatch6.96909
OR
zohocorpmanageengine_assetexplorerMatch6.96950
OR
zohocorpmanageengine_assetexplorerMatch6.96951
OR
zohocorpmanageengine_assetexplorerMatch6.96952
OR
zohocorpmanageengine_assetexplorerMatch6.96953
OR
zohocorpmanageengine_assetexplorerMatch6.96954
OR
zohocorpmanageengine_assetexplorerMatch6.96955
OR
zohocorpmanageengine_assetexplorerMatch6.96956
OR
zohocorpmanageengine_assetexplorerMatch6.96957
OR
zohocorpmanageengine_assetexplorerMatch6.96970
OR
zohocorpmanageengine_assetexplorerMatch6.96971
OR
zohocorpmanageengine_assetexplorerMatch6.96972
OR
zohocorpmanageengine_assetexplorerMatch6.96973
OR
zohocorpmanageengine_assetexplorerMatch6.96974
OR
zohocorpmanageengine_assetexplorerMatch6.96975
OR
zohocorpmanageengine_assetexplorerMatch6.96976
OR
zohocorpmanageengine_assetexplorerMatch6.96977
OR
zohocorpmanageengine_assetexplorerMatch6.96978
OR
zohocorpmanageengine_assetexplorerMatch6.96979
OR
zohocorpmanageengine_assetexplorerMatch6.96980
OR
zohocorpmanageengine_assetexplorerMatch6.96981
OR
zohocorpmanageengine_assetexplorerMatch6.96982
OR
zohocorpmanageengine_assetexplorerMatch6.96983
OR
zohocorpmanageengine_assetexplorerMatch6.96984
OR
zohocorpmanageengine_assetexplorerMatch6.96985
OR
zohocorpmanageengine_assetexplorerMatch6.96986
OR
zohocorpmanageengine_assetexplorerMatch6.96987
OR
zohocorpmanageengine_assetexplorerMatch6.96988
OR
zohocorpmanageengine_assetexplorerMatch6.96989
OR
zohocorpmanageengine_assetexplorerMatch6.96990
OR
zohocorpmanageengine_assetexplorerMatch6.96991
OR
zohocorpmanageengine_assetexplorerMatch6.96992
OR
zohocorpmanageengine_assetexplorerMatch6.96993
OR
zohocorpmanageengine_assetexplorerMatch7.07000
OR
zohocorpmanageengine_assetexplorerMatch7.07001
Node
zohocorpmanageengine_cloud_security_plusRange<4.1
OR
zohocorpmanageengine_cloud_security_plusMatch4.14100
OR
zohocorpmanageengine_cloud_security_plusMatch4.14101
OR
zohocorpmanageengine_cloud_security_plusMatch4.14102
OR
zohocorpmanageengine_cloud_security_plusMatch4.14103
OR
zohocorpmanageengine_cloud_security_plusMatch4.14104
OR
zohocorpmanageengine_cloud_security_plusMatch4.14105
OR
zohocorpmanageengine_cloud_security_plusMatch4.14106
OR
zohocorpmanageengine_cloud_security_plusMatch4.14107
OR
zohocorpmanageengine_cloud_security_plusMatch4.14108
OR
zohocorpmanageengine_cloud_security_plusMatch4.14109
OR
zohocorpmanageengine_cloud_security_plusMatch4.14110
OR
zohocorpmanageengine_cloud_security_plusMatch4.14111
OR
zohocorpmanageengine_cloud_security_plusMatch4.14112
OR
zohocorpmanageengine_cloud_security_plusMatch4.14113
OR
zohocorpmanageengine_cloud_security_plusMatch4.14115
OR
zohocorpmanageengine_cloud_security_plusMatch4.14116
OR
zohocorpmanageengine_cloud_security_plusMatch4.14117
OR
zohocorpmanageengine_cloud_security_plusMatch4.14118
OR
zohocorpmanageengine_cloud_security_plusMatch4.14119
OR
zohocorpmanageengine_cloud_security_plusMatch4.14120
OR
zohocorpmanageengine_cloud_security_plusMatch4.14121
OR
zohocorpmanageengine_cloud_security_plusMatch4.14122
OR
zohocorpmanageengine_cloud_security_plusMatch4.14130
OR
zohocorpmanageengine_cloud_security_plusMatch4.14131
OR
zohocorpmanageengine_cloud_security_plusMatch4.14140
OR
zohocorpmanageengine_cloud_security_plusMatch4.14141
OR
zohocorpmanageengine_cloud_security_plusMatch4.14150
OR
zohocorpmanageengine_cloud_security_plusMatch4.14160
OR
zohocorpmanageengine_cloud_security_plusMatch4.14161
Node
zohocorpmanageengine_datasecurity_plusRange<6.1
OR
zohocorpmanageengine_datasecurity_plusMatch6.16100
OR
zohocorpmanageengine_datasecurity_plusMatch6.16101
OR
zohocorpmanageengine_datasecurity_plusMatch6.16110
Node
zohocorpmanageengine_eventlog_analyzerRange<12.3.0
OR
zohocorpmanageengine_eventlog_analyzerMatch12.3.012300
OR
zohocorpmanageengine_eventlog_analyzerMatch12.3.012301
Node
zohocorpmanageengine_exchange_reporter_plusRange<5.7
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75700
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75701
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75702
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75703
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75704
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75705
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75706
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75707
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75708
OR
zohocorpmanageengine_exchange_reporter_plusMatch5.75709
Node
zohocorpmanageengine_log360Range<5.3
OR
zohocorpmanageengine_log360Match5.3build5300
OR
zohocorpmanageengine_log360Match5.3build5301
OR
zohocorpmanageengine_log360Match5.3build5302
OR
zohocorpmanageengine_log360Match5.3build5305
OR
zohocorpmanageengine_log360Match5.3build5310
OR
zohocorpmanageengine_log360Match5.3build5311
OR
zohocorpmanageengine_log360Match5.3build5315
Node
zohocorpmanageengine_log360_uebaMatch4.0build4010
OR
zohocorpmanageengine_log360_uebaMatch4.0build4011
OR
zohocorpmanageengine_log360_uebaMatch4.0build4015
OR
zohocorpmanageengine_log360_uebaMatch4.0build4016
OR
zohocorpmanageengine_log360_uebaMatch4.0build4020
OR
zohocorpmanageengine_log360_uebaMatch4.0build4021
OR
zohocorpmanageengine_log360_uebaMatch4.0build4023
OR
zohocorpmanageengine_log360_uebaMatch4.0build4024
OR
zohocorpmanageengine_log360_uebaMatch4.0build4025
OR
zohocorpmanageengine_log360_uebaMatch4.0build4026
OR
zohocorpmanageengine_log360_uebaMatch4.0build4027
OR
zohocorpmanageengine_log360_uebaMatch4.0build4028
OR
zohocorpmanageengine_log360_uebaMatch4.0build4030
OR
zohocorpmanageengine_log360_uebaMatch4.0build4031
OR
zohocorpmanageengine_log360_uebaMatch4.0build4034
OR
zohocorpmanageengine_log360_uebaMatch4.0build4035
OR
zohocorpmanageengine_log360_uebaMatch4.0build4036
OR
zohocorpmanageengine_log360_uebaMatch4.0build4040
OR
zohocorpmanageengine_log360_uebaMatch4.0build4043
OR
zohocorpmanageengine_log360_uebaMatch4.0build4045
Node
zohocorpmanageengine_m365_manager_plusRange<4.5
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4500
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4502
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4503
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4504
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4505
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4507
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4508
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4509
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4510
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4511
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4512
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4513
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4514
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4516
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4517
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4518
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4519
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4520
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4523
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4525
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4527
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4528
OR
zohocorpmanageengine_m365_manager_plusMatch4.5build4529
Node
zohocorpmanageengine_m365_security_plusRange<4.5
OR
zohocorpmanageengine_m365_security_plusMatch4.54500
OR
zohocorpmanageengine_m365_security_plusMatch4.54502
OR
zohocorpmanageengine_m365_security_plusMatch4.54503
OR
zohocorpmanageengine_m365_security_plusMatch4.54504
OR
zohocorpmanageengine_m365_security_plusMatch4.54505
OR
zohocorpmanageengine_m365_security_plusMatch4.54507
OR
zohocorpmanageengine_m365_security_plusMatch4.54508
OR
zohocorpmanageengine_m365_security_plusMatch4.54509
OR
zohocorpmanageengine_m365_security_plusMatch4.54510
OR
zohocorpmanageengine_m365_security_plusMatch4.54511
OR
zohocorpmanageengine_m365_security_plusMatch4.54512
OR
zohocorpmanageengine_m365_security_plusMatch4.54513
OR
zohocorpmanageengine_m365_security_plusMatch4.54514
OR
zohocorpmanageengine_m365_security_plusMatch4.54516
OR
zohocorpmanageengine_m365_security_plusMatch4.54517
OR
zohocorpmanageengine_m365_security_plusMatch4.54518
OR
zohocorpmanageengine_m365_security_plusMatch4.54519
OR
zohocorpmanageengine_m365_security_plusMatch4.54520
OR
zohocorpmanageengine_m365_security_plusMatch4.54523
OR
zohocorpmanageengine_m365_security_plusMatch4.54525
OR
zohocorpmanageengine_m365_security_plusMatch4.54527
OR
zohocorpmanageengine_m365_security_plusMatch4.54528
OR
zohocorpmanageengine_m365_security_plusMatch4.54529
Node
zohocorpmanageengine_recoverymanager_plusRange<6.0
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6001
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6003
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6005
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6011
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6016
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6017
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6020
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6025
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6026
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6030
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6031
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6032
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6041
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6042
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6043
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6044
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6047
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6049
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6050
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6051
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6053
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6054
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6056
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6057
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6058
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6060
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6061
Node
zohocorpmanageengine_servicedesk_plusRange<14.2
OR
zohocorpmanageengine_servicedesk_plusMatch14.214200
OR
zohocorpmanageengine_servicedesk_plusMatch14.214201
OR
zohocorpmanageengine_servicedesk_plusMatch14.214202
OR
zohocorpmanageengine_servicedesk_plusMatch14.214203
OR
zohocorpmanageengine_servicedesk_plusMatch14.214204
OR
zohocorpmanageengine_servicedesk_plusMatch14.314300
OR
zohocorpmanageengine_servicedesk_plusMatch14.314301
OR
zohocorpmanageengine_servicedesk_plusMatch14.314302
Node
zohocorpmanageengine_servicedesk_plus_mspRange<14.3
OR
zohocorpmanageengine_servicedesk_plus_mspMatch14.314300
Node
zohocorpmanageengine_sharepoint_manager_plusRange<4.4
OR
zohocorpmanageengine_sharepoint_manager_plusMatch4.44400
OR
zohocorpmanageengine_sharepoint_manager_plusMatch4.44401
OR
zohocorpmanageengine_sharepoint_manager_plusMatch4.44402
Node
zohocorpmanageengine_supportcenter_plusRange<14.3
OR
zohocorpmanageengine_supportcenter_plusMatch14.314300

Related

prion 1
nessus 1
cvelist 1
nvd 1
prion
prion
Spoofing
2023-08-28 20:15:00
nessus
nessus
ManageEngine ADManager Plus < Build 7201 TFA Bypass
2023-09-07 00:00:00
cvelist
cvelist
CVE-2023-35785
2023-08-28 00:00:00
nvd
nvd
CVE-2023-35785
2023-08-28 20:15:08

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for CVE-2023-35785
prion1nessus1cvelist1nvd1