Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-20T00:00:00
Updated: 2024-08-02T16:30:45.400Z
Reserved: 2023-06-19T00:00:00
Link: CVE-2023-35854
Vulnrichment
Updated: 2024-08-02T16:30:45.400Z
NVD
Status : Modified
Published: 2023-06-20T12:15:09.690
Modified: 2024-11-21T08:08:49.827
Link: CVE-2023-35854
Redhat
No data.