Vulnerability Description
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Adselfservice Plus | < 6.1 |
Related Weaknesses (CWE)
References
- https://github.com/970198175/Simply-useThird Party Advisory
- https://www.manageengine.comProduct
- https://github.com/970198175/Simply-useThird Party Advisory
- https://www.manageengine.comProduct
FAQ
What is CVE-2023-35854?
CVE-2023-35854 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privilege...
How severe is CVE-2023-35854?
CVE-2023-35854 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35854?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Adselfservice Plus.