CVE-2023-31492
First published: Thu Aug 17 2023(Updated: )
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp ManageEngine ADManager Plus | <7.1 | |
| Zohocorp ManageEngine ADManager Plus | =7.1 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7100 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7101 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7102 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7110 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7111 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7112 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7113 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7114 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7115 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7116 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7117 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7118 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7120 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7121 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7122 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7123 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7124 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7125 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7126 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7130 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7131 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7140 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7141 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7150 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7151 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7160 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7161 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7162 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7163 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7170 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7171 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7180 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7181 | |
| Zohocorp ManageEngine ADManager Plus | =7.1-7182 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md
- https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html
- http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-31492.
What is the severity of CVE-2023-31492?
The severity of CVE-2023-31492 is medium (6.5).
Which software versions are affected by CVE-2023-31492?
Zoho ManageEngine ADManager Plus version 7.1-7182 and prior are affected by CVE-2023-31492.
How can I fix CVE-2023-31492?
To fix CVE-2023-31492, it is recommended to upgrade Zoho ManageEngine ADManager Plus to a version higher than 7.1-7182.
Where can I find more information about CVE-2023-31492?
More information about CVE-2023-31492 can be found on the GitHub repository and the official ManageEngine website.
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/zohocorp
- canonical/zohocorp manageengine admanager plus
- version/zohocorp manageengine admanager plus/7.1
- version/zohocorp manageengine admanager plus/7.1-7100
- version/zohocorp manageengine admanager plus/7.1-7101
- version/zohocorp manageengine admanager plus/7.1-7102
- version/zohocorp manageengine admanager plus/7.1-7110
- version/zohocorp manageengine admanager plus/7.1-7111
- version/zohocorp manageengine admanager plus/7.1-7112
- version/zohocorp manageengine admanager plus/7.1-7113
- version/zohocorp manageengine admanager plus/7.1-7114
- version/zohocorp manageengine admanager plus/7.1-7115
- version/zohocorp manageengine admanager plus/7.1-7116
- version/zohocorp manageengine admanager plus/7.1-7117
- version/zohocorp manageengine admanager plus/7.1-7118
- version/zohocorp manageengine admanager plus/7.1-7120
- version/zohocorp manageengine admanager plus/7.1-7121
- version/zohocorp manageengine admanager plus/7.1-7122
- version/zohocorp manageengine admanager plus/7.1-7123
- version/zohocorp manageengine admanager plus/7.1-7124
- version/zohocorp manageengine admanager plus/7.1-7125
- version/zohocorp manageengine admanager plus/7.1-7126
- version/zohocorp manageengine admanager plus/7.1-7130
- version/zohocorp manageengine admanager plus/7.1-7131
- version/zohocorp manageengine admanager plus/7.1-7140
- version/zohocorp manageengine admanager plus/7.1-7141
- version/zohocorp manageengine admanager plus/7.1-7150
- version/zohocorp manageengine admanager plus/7.1-7151
- version/zohocorp manageengine admanager plus/7.1-7160
- version/zohocorp manageengine admanager plus/7.1-7161
- version/zohocorp manageengine admanager plus/7.1-7162
- version/zohocorp manageengine admanager plus/7.1-7163
- version/zohocorp manageengine admanager plus/7.1-7170
- version/zohocorp manageengine admanager plus/7.1-7171
- version/zohocorp manageengine admanager plus/7.1-7180
- version/zohocorp manageengine admanager plus/7.1-7181
- version/zohocorp manageengine admanager plus/7.1-7182