CVE-2023-35854

Published: Jun 20, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.manageengine.com

https://github.com/970198175/Simply-use

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-35854

Description

Affected Products

References