Lucene search
+L

378 matches found

cnnvd
cnnvd
added 2024/11/04 12:0 a.m.33 views

ZOHO ManageEngine ADManager Plus 安全漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8CVSS7.6AI score0.015EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/10/07 12:0 a.m.8 views

ZOHO ManageEngine ADManager Plus 权限许可和访问控制问题漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8CVSS6.5AI score0.03941EPSS
Exploits1References3
vulncheck_kev
vulncheck_kev
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS5.9AI score0.11634EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2024/05/06 12:0 a.m.11 views

PT-2024-20388 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7203 and prior Description: The issue is related to a Privilege Escalation vulnerability in the Modify Computers option. This vulnerability allows for improper privilege management, which can lead...

8.8CVSS7AI score0.03941EPSS
Exploits1References13
exploitdb
exploitdb
added 2024/02/13 12:0 a.m.414 views

ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure

Exploit Title: ManageEngine ADManager Plus Build 7183 - Recovery Password Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

6.5CVSS6.6AI score0.05312EPSS
Exploits4
packetstorm
packetstorm
added 2024/02/13 12:0 a.m.412 views

ManageEngine ADManager Plus Recovery Password Disclosure

Exploit Title: ManageEngine ADManager Plus Build 7183 - Recovery Password Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

6.5CVSS7.1AI score0.05312EPSS
Exploits4
zdt
zdt
added 2024/02/13 12:0 a.m.374 views

ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure Exploit

Exploit Title: ManageEngine ADManager Plus Build 7183 - Recovery Password Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

6.5CVSS6.6AI score0.05312EPSS
Exploits4
bdu_fstec
bdu_fstec
added 2024/02/02 12:0 a.m.9 views

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain unauthorized access to confidential information.

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to confidential...

3.3CVSS5.4AI score0.01976EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2023/12/06 12:0 a.m.11 views

The vulnerability of the ChangePasswordAction function in the Active Directory management software Zoho ManageEngine ADManager Plus, related to errors in processing the invoked URL address, allows a malicious actor to execute arbitrary code.

The vulnerability of the ChangePasswordAction function in the Zoho ManageEngine ADManager Plus software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

8.3CVSS7.6AI score0.98388EPSS
Exploits2References6Affected Software1
attackerkb
attackerkb
added 2023/09/27 3:19 p.m.3 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

5.4CVSS5.8AI score0.01988EPSS
Exploits0References2
osv
osv
added 2023/09/27 3:19 p.m.5 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

5.4CVSS5.8AI score0.01988EPSS
Exploits0References1
prion
prion
added 2023/09/27 3:19 p.m.21 views

Authentication flaw

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

5.5CVSS5.6AI score0.01988EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/09/27 12:0 a.m.8 views

Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

5.4CVSS6.8AI score0.01988EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/09/26 12:0 a.m.16 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

7AI score0.01988EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/09/26 12:0 a.m.6 views

PT-2023-28159 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7203 Description: The issue allows 2FA bypass for AuthToken generation in REST APIs. Recommendations: For versions prior to 7203, update to version 7203 or later to resolve the issue. As a...

5.4CVSS5.3AI score0.01988EPSS
Exploits0References4
cve
cve
added 2023/09/26 12:0 a.m.2505 views

CVE-2023-41904

CVE-2023-41904 affects Zoho ManageEngine ADManager Plus prior to version 7203, where the REST APIs suffer a 2FA bypass in AuthToken generation. This enables unauthorized access via REST endpoints, per multiple sources. Remediation is to upgrade to version 7203 or later; as a temporary measure, re...

5.4CVSS5.5AI score0.01988EPSS
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2023/09/13 12:0 a.m.7 views

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services stems from deficiencies in access control. This allows attackers to execute arbitrary commands with superuser privileges.

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with superuser privileges remotely...

9CVSS7.4AI score0.11634EPSS
Exploits1References2
nvd
nvd
added 2023/09/11 7:15 p.m.27 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS7.2AI score0.11634EPSS
Exploits1References1
prion
prion
added 2023/09/11 7:15 p.m.19 views

Command injection

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

5.8CVSS7.1AI score0.11634EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2023/09/11 12:0 a.m.7 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.3AI score0.11634EPSS
Exploits1References1
Rows per page
Query Builder