CVE-2023-35785
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2023-35785 affects multiple Zoho ManageEngine products, including Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager Plus, M365 Security Plus, Recovery Manager Plus, ServiceDesk Plus, ServiceDesk Plus MSP, SharePoint Manager Plus, and Support Center Plus. Affected versions of these products allow Two-Factor Authentication (2FA) to be bypassed using specific Time-based One-Time Password (TOTP) authenticators. Successful exploitation requires a valid username and password pair.