Количество 3
Количество 3
CVE-2023-35854
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
GHSA-vwhx-3qh6-75xf
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
BDU:2023-03687
Уязвимость программного обеспечения для сброса паролей ManageEngine ADSelfService Plus, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю повысить привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35854 Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability." | CVSS3: 9.8 | 3% Низкий | больше 2 лет назад |
| GHSA-vwhx-3qh6-75xf Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. | CVSS3: 9.8 | 3% Низкий | больше 2 лет назад |
 | BDU:2023-03687 Уязвимость программного обеспечения для сброса паролей ManageEngine ADSelfService Plus, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю повысить привилегии | CVSS3: 9.8 | 3% Низкий | больше 2 лет назад |
Уязвимостей на страницу