8.1

CVE-2023-35785

EPSS 0.36%
Published 28.08.2023 20:15:08
Last modified 21.11.2024 08:08:41
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Ad360 Version < 4.3

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4300

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4302

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4303

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4304

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4305

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4306

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4308

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4309

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4310

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4312

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4313

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4314

Zohocorp ≫ Manageengine Ad360 Version4.3 Update4315

Zohocorp ≫ Manageengine Adaudit Plus Version < 7.2

Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7200

Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7201

Zohocorp ≫ Manageengine Adaudit Plus Version7.2 Update7202

Zohocorp ≫ Manageengine Admanager Plus Version < 7.2

Zohocorp ≫ Manageengine Admanager Plus Version7.2 Update7201

Zohocorp ≫ Manageengine Assetexplorer Version < 6.9

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update-

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6900

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6901

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6902

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6903

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6904

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6905

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6906

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6907

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6908

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6909

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6950

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6951

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6952

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6953

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6954

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6955

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6956

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6957

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6970

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6971

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6972

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6973

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6974

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6975

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6976

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6977

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6978

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6979

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6980

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6981

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6982

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6983

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6984

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6985

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6986

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6987

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6988

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6989

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6990

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6991

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6992

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6993

Zohocorp ≫ Manageengine Assetexplorer Version7.0 Update7000

Zohocorp ≫ Manageengine Assetexplorer Version7.0 Update7001

Zohocorp ≫ Manageengine Cloud Security Plus Version < 4.1

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4100

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4101

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4102

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4103

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4104

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4105

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4106

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4107

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4108

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4109

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4110

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4111

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4112

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4113

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4115

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4116

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4117

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4118

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4119

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4120

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4121

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4122

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4130

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4131

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4140

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4141

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4150

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4160

Zohocorp ≫ Manageengine Cloud Security Plus Version4.1 Update4161

Zohocorp ≫ Manageengine Datasecurity Plus Version < 6.1

Zohocorp ≫ Manageengine Datasecurity Plus Version6.1 Update6100

Zohocorp ≫ Manageengine Datasecurity Plus Version6.1 Update6101

Zohocorp ≫ Manageengine Datasecurity Plus Version6.1 Update6110

Zohocorp ≫ Manageengine Eventlog Analyzer Version < 12.3.0

Zohocorp ≫ Manageengine Eventlog Analyzer Version12.3.0 Update12300

Zohocorp ≫ Manageengine Eventlog Analyzer Version12.3.0 Update12301

Zohocorp ≫ Manageengine Exchange Reporter Plus Version < 5.7

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5700

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5701

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5702

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5703

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5704

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5705

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5706

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5707

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5708

Zohocorp ≫ Manageengine Exchange Reporter Plus Version5.7 Update5709

Zohocorp ≫ Manageengine Log360 Version < 5.3

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5300

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5301

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5302

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5305

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5310

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5311

Zohocorp ≫ Manageengine Log360 Version5.3 Updatebuild5315

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4010

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4011

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4015

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4016

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4020

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4021

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4023

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4024

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4025

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4026

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4027

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4028

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4030

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4031

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4034

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4035

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4036

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4040

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4043

Zohocorp ≫ Manageengine Log360 Ueba Version4.0 Updatebuild4045

Zohocorp ≫ Manageengine M365 Manager Plus Version < 4.5

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4500

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4502

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4503

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4504

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4505

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4507

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4508

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4509

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4510

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4511

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4512

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4513

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4514

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4516

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4517

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4518

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4519

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4520

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4523

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4525

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4527

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4528

Zohocorp ≫ Manageengine M365 Manager Plus Version4.5 Updatebuild4529

Zohocorp ≫ Manageengine M365 Security Plus Version < 4.5

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4500

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4502

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4503

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4504

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4505

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4507

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4508

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4509

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4510

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4511

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4512

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4513

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4514

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4516

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4517

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4518

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4519

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4520

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4523

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4525

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4527

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4528

Zohocorp ≫ Manageengine M365 Security Plus Version4.5 Update4529

Zohocorp ≫ Manageengine Recoverymanager Plus Version < 6.0

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6001

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6003

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6005

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6011

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6016

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6017

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6020

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6025

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6026

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6030

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6031

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6032

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6041

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6042

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6043

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6044

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6047

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6049

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6050

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6051

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6053

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6054

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6056

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6057

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6058

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6060

Zohocorp ≫ Manageengine Recoverymanager Plus Version6.0 Updatebuild6061

Zohocorp ≫ Manageengine Servicedesk Plus Version < 14.2

Zohocorp ≫ Manageengine Servicedesk Plus Version14.2 Update14200

Zohocorp ≫ Manageengine Servicedesk Plus Version14.2 Update14201

Zohocorp ≫ Manageengine Servicedesk Plus Version14.2 Update14202

Zohocorp ≫ Manageengine Servicedesk Plus Version14.2 Update14203

Zohocorp ≫ Manageengine Servicedesk Plus Version14.2 Update14204

Zohocorp ≫ Manageengine Servicedesk Plus Version14.3 Update14300

Zohocorp ≫ Manageengine Servicedesk Plus Version14.3 Update14301

Zohocorp ≫ Manageengine Servicedesk Plus Version14.3 Update14302

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version < 14.3

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version14.3 Update14300

Zohocorp ≫ Manageengine Sharepoint Manager Plus Version < 4.4

Zohocorp ≫ Manageengine Sharepoint Manager Plus Version4.4 Update4400

Zohocorp ≫ Manageengine Sharepoint Manager Plus Version4.4 Update4401

Zohocorp ≫ Manageengine Sharepoint Manager Plus Version4.4 Update4402

Zohocorp ≫ Manageengine Supportcenter Plus Version < 14.3

Zohocorp ≫ Manageengine Supportcenter Plus Version14.3 Update14300

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.57

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://manageengine.com

Product

https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35785

EUVD