March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Update – Gen Digital Confirms Employee Data Breach in MOVEit Ransomware Attack
June 23, 2023Rewterz Threat Intel – Multiple VMware vCenter Server and Cloud Foundation Vulnerabilities
June 23, 2023Rewterz Threat Update – Gen Digital Confirms Employee Data Breach in MOVEit Ransomware Attack
June 23, 2023Rewterz Threat Intel – Multiple VMware vCenter Server and Cloud Foundation Vulnerabilities
June 23, 2023
Severity
Medium
Analysis Summary
CVE-2023-35719
Zoho ManageEngine ADSelfService Plus could allow a physical attacker to bypass security restrictions, caused by the lack of proper authentication of data received within the Password Reset Portal used by the GINA client. By using HTTP, an attacker could exploit this vulnerability to bypass authentication and execute arbitrary code with SYSTEM privileges.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-35719
Affected Vendors
Zoho
Affected Products
- Zoho ManageEngine ADSelfService Plus
Remediation
Refer to ManageEngine Website for patch, upgrade or suggested workaround information.