Zoho ManageEngine ADSelfService Plus Auth Bypass & Session Token Theft
CVE-2023-35854 Published on June 20, 2023

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."

NVD

Products Associated with CVE-2023-35854

Want to know whenever a new CVE is published for Zoho Corp Manageengine Adselfservice Plus? stack.watch will email you.

Zoho Corp Manageengine Adselfservice Plus

Exploit Probability

EPSS

2.68%

Percentile

85.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Zoho ManageEngine ADSelfService Plus Auth Bypass & Session Token TheftCVE-2023-35854 Published on June 20, 2023

Products Associated with CVE-2023-35854

Exploit Probability

Zoho ManageEngine ADSelfService Plus Auth Bypass & Session Token Theft
CVE-2023-35854 Published on June 20, 2023