Main Vulnerability Database Vulnerabilities #VU77737

#VU77737 Insufficient verification of data authenticity in Zoho ManageEngine ADSelfService Plus - CVE-2023-35719

Published: June 27, 2023

Vulnerability identifier: #VU77737

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-35719

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Zoho ManageEngine ADSelfService Plus

Software vendor:
Zoho Corporation

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to the lack of proper authentication of data received via HTTP within the Password Reset Portal used by the GINA client. An attacker with physical access to the system can bypass authentication and compromise the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.zerodayinitiative.com/advisories/ZDI-23-891/

#VU77737 Insufficient verification of data authenticity in Zoho ManageEngine ADSelfService Plus - CVE-2023-35719

Description

Remediation

External links

Please verify you're human