Executive Summary

Information
Name : CVE-2023-35785
First vendor Publication : 2023-08-28
Vendor : Cve
Last vendor Modification : 2024-03-12

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score : 8.1
Base Score : 8.1
Environmental Score : 8.1
Impact Sub Score : 5.9
Temporal Score : 8.1
Exploitability Sub Score : 2.2

Attack Vector : Network
Attack Complexity : High
Privileges Required : None
User Interaction : None
Scope : Unchanged
Confidentiality Impact : High
Integrity Impact : High
Availability Impact : High

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35785

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

Type Description Count
Application 38
Application 51
Application 76
Application 55
Application 30
Application 41
Application 19
Application 16
Application 35
Application 20
Application 145
Application 24
Application 28
Application 404
Application 152
Application 79
Application 44

Sources (Detail)

Source Url
MISC https://manageengine.com
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html

Alert History

Date Information
2024-03-12 21:28:11
  • Multiple Updates
2024-02-02 02:46:54
  • Multiple Updates
2024-02-01 12:30:27
  • Multiple Updates
2023-09-30 13:28:57
  • Multiple Updates
2023-09-12 00:27:57
  • Multiple Updates
2023-09-08 09:27:32
  • Multiple Updates
2023-09-05 05:27:25
  • Multiple Updates
2023-09-05 01:29:34
  • Multiple Updates
2023-09-02 05:27:28
  • Multiple Updates
2023-08-29 13:25:11
  • Multiple Updates
2023-08-29 00:27:22
  • First insertion