Severity
Medium
Analysis Summary
CVE-2023-35719
Zoho ManageEngine ADSelfService Plus could allow a physical attacker to bypass security restrictions, caused by the lack of proper authentication of data received within the Password Reset Portal used by the GINA client. By using HTTP, an attacker could exploit this vulnerability to bypass authentication and execute arbitrary code with SYSTEM privileges.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-35719
Affected Vendors
Zoho
Affected Products
- Zoho ManageEngine ADSelfService Plus
Remediation
Refer to ManageEngine Website for patch, upgrade or suggested workaround information.