CVE-2023-35719

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Sep 6, 2023

Updated: Sep 11, 2023

CWE ID 345

Summary

CVE-2023-35719 is a vulnerability affecting ManageEngine ADSelfService Plus and its GINA client. Attackers can exploit this issue, which involves insufficient data authenticity verification during authentication, to execute arbitrary code without requiring credentials. The flaw is situated in the Password Reset Portal, and it stems from inadequate HTTP data authentication checks. Consequently, attackers can bypass authentication and run code with SYSTEM privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ManageEngine ADSelfService Plus

Affected Vendors

Zoho Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ru_V7n
https://www.cve.org/CVERecord?id=CVE-2023-35719
https://nvd.nist.gov/vuln/detail/CVE-2023-35719

Back to Vulnerability Database