Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentMitreVULNRICHMENT:CVE-2023-35854
HistoryJun 20, 2023 - 12:00 a.m.

CVE-2023-35854

2023-06-2000:00:00
mitre
github.com
2
zoho manageengine
authentication bypass
domain controller

AI Score

7.3

Confidence

Low

EPSS

0.07

Percentile

94.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor’s perspective is that they have “found no evidence or detail of a security vulnerability.”

Related

cvelist 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2023-35854
2023-06-20 00:00:00
cve
cve
CVE-2023-35854
2023-06-20 12:15:09
prion
prion
Authentication flaw
2023-06-20 12:15:00
nvd
nvd
CVE-2023-35854
2023-06-20 12:15:09

AI Score

7.3

Confidence

Low

EPSS

0.07

Percentile

94.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON
Related for VULNRICHMENT:CVE-2023-35854
cvelist1cve1prion1nvd1