CVE-2023-35785

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 28, 2023
Updated: Mar 12, 2024
CWE ID 287

Summary

CVE-2023-35785 affects multiple Zoho ManageEngine products, including Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager Plus, M365 Security Plus, Recovery Manager Plus, ServiceDesk Plus, ServiceDesk Plus MSP, SharePoint Manager Plus, and Support Center Plus. Affected versions allow Two-Factor Authentication (2FA) to be bypassed using specific Time-based One-Time Password (TOTP) authenticators. Successful exploitation requires a valid username and password pair.
