CVE-2023-28342 — HIGH (7.5)

Vulnerability Description

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zohocorp	Manageengine Adselfservice Plus	4.5

Related Weaknesses (CWE)

CWE-400

References

https://manageengine.comProduct
https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28Vendor Advisory
https://manageengine.comProduct
https://www.manageengine.com/products/self-service-password/advisory/CVE-2023-28Vendor Advisory

FAQ

What is CVE-2023-28342?

CVE-2023-28342 is a vulnerability with a CVSS score of 7.5 (HIGH). Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.

How severe is CVE-2023-28342?

CVE-2023-28342 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28342?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Adselfservice Plus.