Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-20T00:00:00

Updated: 2024-08-02T16:30:45.400Z

Reserved: 2023-06-19T00:00:00

Link: CVE-2023-35854

cve-icon Vulnrichment

Updated: 2024-08-02T16:30:45.400Z

cve-icon NVD

Status : Modified

Published: 2023-06-20T12:15:09.690

Modified: 2024-11-21T08:08:49.827

Link: CVE-2023-35854

cve-icon Redhat

No data.