critical
9.8
CWE
287
Advisory Published
Updated

CVE-2023-35785

First published: Mon Aug 28 2023(Updated: )

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Zohocorp Manageengine Ad360<4.3
Zohocorp Manageengine Ad360=4.3-4300
Zohocorp Manageengine Ad360=4.3-4302
Zohocorp Manageengine Ad360=4.3-4303
Zohocorp Manageengine Ad360=4.3-4304
Zohocorp Manageengine Ad360=4.3-4305
Zohocorp Manageengine Ad360=4.3-4306
Zohocorp Manageengine Ad360=4.3-4308
Zohocorp Manageengine Ad360=4.3-4309
Zohocorp Manageengine Ad360=4.3-4310
Zohocorp Manageengine Ad360=4.3-4312
Zohocorp Manageengine Ad360=4.3-4313
Zohocorp Manageengine Ad360=4.3-4314
Zohocorp Manageengine Ad360=4.3-4315
Zohocorp Manageengine Adaudit Plus<7.2
Zohocorp Manageengine Adaudit Plus=7.2-7200
Zohocorp Manageengine Adaudit Plus=7.2-7201
Zohocorp Manageengine Adaudit Plus=7.2-7202
Zohocorp Manageengine Admanager Plus<7.2
Zohocorp Manageengine Admanager Plus=7.2-7201
Zohocorp Manageengine Assetexplorer<6.9
Zohocorp Manageengine Assetexplorer=6.9
Zohocorp Manageengine Assetexplorer=6.9-6900
Zohocorp Manageengine Assetexplorer=6.9-6901
Zohocorp Manageengine Assetexplorer=6.9-6902
Zohocorp Manageengine Assetexplorer=6.9-6903
Zohocorp Manageengine Assetexplorer=6.9-6904
Zohocorp Manageengine Assetexplorer=6.9-6905
Zohocorp Manageengine Assetexplorer=6.9-6906
Zohocorp Manageengine Assetexplorer=6.9-6907
Zohocorp Manageengine Assetexplorer=6.9-6908
Zohocorp Manageengine Assetexplorer=6.9-6909
Zohocorp Manageengine Assetexplorer=6.9-6950
Zohocorp Manageengine Assetexplorer=6.9-6951
Zohocorp Manageengine Assetexplorer=6.9-6952
Zohocorp Manageengine Assetexplorer=6.9-6953
Zohocorp Manageengine Assetexplorer=6.9-6954
Zohocorp Manageengine Assetexplorer=6.9-6955
Zohocorp Manageengine Assetexplorer=6.9-6956
Zohocorp Manageengine Assetexplorer=6.9-6957
Zohocorp Manageengine Assetexplorer=6.9-6970
Zohocorp Manageengine Assetexplorer=6.9-6971
Zohocorp Manageengine Assetexplorer=6.9-6972
Zohocorp Manageengine Assetexplorer=6.9-6973
Zohocorp Manageengine Assetexplorer=6.9-6974
Zohocorp Manageengine Assetexplorer=6.9-6975
Zohocorp Manageengine Assetexplorer=6.9-6976
Zohocorp Manageengine Assetexplorer=6.9-6977
Zohocorp Manageengine Assetexplorer=6.9-6978
Zohocorp Manageengine Assetexplorer=6.9-6979
Zohocorp Manageengine Assetexplorer=6.9-6980
Zohocorp Manageengine Assetexplorer=6.9-6981
Zohocorp Manageengine Assetexplorer=6.9-6982
Zohocorp Manageengine Assetexplorer=6.9-6983
Zohocorp Manageengine Assetexplorer=6.9-6984
Zohocorp Manageengine Assetexplorer=6.9-6985
Zohocorp Manageengine Assetexplorer=6.9-6986
Zohocorp Manageengine Assetexplorer=6.9-6987
Zohocorp Manageengine Assetexplorer=6.9-6988
Zohocorp Manageengine Assetexplorer=6.9-6989
Zohocorp Manageengine Assetexplorer=6.9-6990
Zohocorp Manageengine Assetexplorer=6.9-6991
Zohocorp Manageengine Assetexplorer=6.9-6992
Zohocorp Manageengine Assetexplorer=6.9-6993
Zohocorp Manageengine Assetexplorer=7.0-7000
Zohocorp Manageengine Assetexplorer=7.0-7001
Zohocorp Manageengine Cloud Security Plus<4.1
Zohocorp Manageengine Cloud Security Plus=4.1-4100
Zohocorp Manageengine Cloud Security Plus=4.1-4101
Zohocorp Manageengine Cloud Security Plus=4.1-4102
Zohocorp Manageengine Cloud Security Plus=4.1-4103
Zohocorp Manageengine Cloud Security Plus=4.1-4104
Zohocorp Manageengine Cloud Security Plus=4.1-4105
Zohocorp Manageengine Cloud Security Plus=4.1-4106
Zohocorp Manageengine Cloud Security Plus=4.1-4107
Zohocorp Manageengine Cloud Security Plus=4.1-4108
Zohocorp Manageengine Cloud Security Plus=4.1-4109
Zohocorp Manageengine Cloud Security Plus=4.1-4110
Zohocorp Manageengine Cloud Security Plus=4.1-4111
Zohocorp Manageengine Cloud Security Plus=4.1-4112
Zohocorp Manageengine Cloud Security Plus=4.1-4113
Zohocorp Manageengine Cloud Security Plus=4.1-4115
Zohocorp Manageengine Cloud Security Plus=4.1-4116
Zohocorp Manageengine Cloud Security Plus=4.1-4117
Zohocorp Manageengine Cloud Security Plus=4.1-4118
Zohocorp Manageengine Cloud Security Plus=4.1-4119
Zohocorp Manageengine Cloud Security Plus=4.1-4120
Zohocorp Manageengine Cloud Security Plus=4.1-4121
Zohocorp Manageengine Cloud Security Plus=4.1-4122
Zohocorp Manageengine Cloud Security Plus=4.1-4130
Zohocorp Manageengine Cloud Security Plus=4.1-4131
Zohocorp Manageengine Cloud Security Plus=4.1-4140
Zohocorp Manageengine Cloud Security Plus=4.1-4141
Zohocorp Manageengine Cloud Security Plus=4.1-4150
Zohocorp Manageengine Cloud Security Plus=4.1-4160
Zohocorp Manageengine Cloud Security Plus=4.1-4161
Zohocorp Manageengine Datasecurity Plus<6.1
Zohocorp Manageengine Datasecurity Plus=6.1-6100
Zohocorp Manageengine Datasecurity Plus=6.1-6101
Zohocorp Manageengine Datasecurity Plus=6.1-6110
Zohocorp Manageengine Eventlog Analyzer<12.3.0
Zohocorp Manageengine Eventlog Analyzer=12.3.0-12300
Zohocorp Manageengine Eventlog Analyzer=12.3.0-12301
Zohocorp Manageengine Exchange Reporter Plus<5.7
Zohocorp Manageengine Exchange Reporter Plus=5.7-5700
Zohocorp Manageengine Exchange Reporter Plus=5.7-5701
Zohocorp Manageengine Exchange Reporter Plus=5.7-5702
Zohocorp Manageengine Exchange Reporter Plus=5.7-5703
Zohocorp Manageengine Exchange Reporter Plus=5.7-5704
Zohocorp Manageengine Exchange Reporter Plus=5.7-5705
Zohocorp Manageengine Exchange Reporter Plus=5.7-5706
Zohocorp Manageengine Exchange Reporter Plus=5.7-5707
Zohocorp Manageengine Exchange Reporter Plus=5.7-5708
Zohocorp Manageengine Exchange Reporter Plus=5.7-5709
Zohocorp Manageengine Log360<5.3
Zohocorp Manageengine Log360=5.3-build5300
Zohocorp Manageengine Log360=5.3-build5301
Zohocorp Manageengine Log360=5.3-build5302
Zohocorp Manageengine Log360=5.3-build5305
Zohocorp Manageengine Log360=5.3-build5310
Zohocorp Manageengine Log360=5.3-build5311
Zohocorp Manageengine Log360=5.3-build5315
Zohocorp Manageengine Log360 Ueba=4.0-build4010
Zohocorp Manageengine Log360 Ueba=4.0-build4011
Zohocorp Manageengine Log360 Ueba=4.0-build4015
Zohocorp Manageengine Log360 Ueba=4.0-build4016
Zohocorp Manageengine Log360 Ueba=4.0-build4020
Zohocorp Manageengine Log360 Ueba=4.0-build4021
Zohocorp Manageengine Log360 Ueba=4.0-build4023
Zohocorp Manageengine Log360 Ueba=4.0-build4024
Zohocorp Manageengine Log360 Ueba=4.0-build4025
Zohocorp Manageengine Log360 Ueba=4.0-build4026
Zohocorp Manageengine Log360 Ueba=4.0-build4027
Zohocorp Manageengine Log360 Ueba=4.0-build4028
Zohocorp Manageengine Log360 Ueba=4.0-build4030
Zohocorp Manageengine Log360 Ueba=4.0-build4031
Zohocorp Manageengine Log360 Ueba=4.0-build4034
Zohocorp Manageengine Log360 Ueba=4.0-build4035
Zohocorp Manageengine Log360 Ueba=4.0-build4036
Zohocorp Manageengine Log360 Ueba=4.0-build4040
Zohocorp Manageengine Log360 Ueba=4.0-build4043
Zohocorp Manageengine Log360 Ueba=4.0-build4045
Zohocorp Manageengine M365 Manager Plus<4.5
Zohocorp Manageengine M365 Manager Plus=4.5-build4500
Zohocorp Manageengine M365 Manager Plus=4.5-build4502
Zohocorp Manageengine M365 Manager Plus=4.5-build4503
Zohocorp Manageengine M365 Manager Plus=4.5-build4504
Zohocorp Manageengine M365 Manager Plus=4.5-build4505
Zohocorp Manageengine M365 Manager Plus=4.5-build4507
Zohocorp Manageengine M365 Manager Plus=4.5-build4508
Zohocorp Manageengine M365 Manager Plus=4.5-build4509
Zohocorp Manageengine M365 Manager Plus=4.5-build4510
Zohocorp Manageengine M365 Manager Plus=4.5-build4511
Zohocorp Manageengine M365 Manager Plus=4.5-build4512
Zohocorp Manageengine M365 Manager Plus=4.5-build4513
Zohocorp Manageengine M365 Manager Plus=4.5-build4514
Zohocorp Manageengine M365 Manager Plus=4.5-build4516
Zohocorp Manageengine M365 Manager Plus=4.5-build4517
Zohocorp Manageengine M365 Manager Plus=4.5-build4518
Zohocorp Manageengine M365 Manager Plus=4.5-build4519
Zohocorp Manageengine M365 Manager Plus=4.5-build4520
Zohocorp Manageengine M365 Manager Plus=4.5-build4523
Zohocorp Manageengine M365 Manager Plus=4.5-build4525
Zohocorp Manageengine M365 Manager Plus=4.5-build4527
Zohocorp Manageengine M365 Manager Plus=4.5-build4528
Zohocorp Manageengine M365 Manager Plus=4.5-build4529
Zohocorp Manageengine M365 Security Plus<4.5
Zohocorp Manageengine M365 Security Plus=4.5-4500
Zohocorp Manageengine M365 Security Plus=4.5-4502
Zohocorp Manageengine M365 Security Plus=4.5-4503
Zohocorp Manageengine M365 Security Plus=4.5-4504
Zohocorp Manageengine M365 Security Plus=4.5-4505
Zohocorp Manageengine M365 Security Plus=4.5-4507
Zohocorp Manageengine M365 Security Plus=4.5-4508
Zohocorp Manageengine M365 Security Plus=4.5-4509
Zohocorp Manageengine M365 Security Plus=4.5-4510
Zohocorp Manageengine M365 Security Plus=4.5-4511
Zohocorp Manageengine M365 Security Plus=4.5-4512
Zohocorp Manageengine M365 Security Plus=4.5-4513
Zohocorp Manageengine M365 Security Plus=4.5-4514
Zohocorp Manageengine M365 Security Plus=4.5-4516
Zohocorp Manageengine M365 Security Plus=4.5-4517
Zohocorp Manageengine M365 Security Plus=4.5-4518
Zohocorp Manageengine M365 Security Plus=4.5-4519
Zohocorp Manageengine M365 Security Plus=4.5-4520
Zohocorp Manageengine M365 Security Plus=4.5-4523
Zohocorp Manageengine M365 Security Plus=4.5-4525
Zohocorp Manageengine M365 Security Plus=4.5-4527
Zohocorp Manageengine M365 Security Plus=4.5-4528
Zohocorp Manageengine M365 Security Plus=4.5-4529
Zohocorp Manageengine Recoverymanager Plus<6.0
Zohocorp Manageengine Recoverymanager Plus=6.0-build6001
Zohocorp Manageengine Recoverymanager Plus=6.0-build6003
Zohocorp Manageengine Recoverymanager Plus=6.0-build6005
Zohocorp Manageengine Recoverymanager Plus=6.0-build6011
Zohocorp Manageengine Recoverymanager Plus=6.0-build6016
Zohocorp Manageengine Recoverymanager Plus=6.0-build6017
Zohocorp Manageengine Recoverymanager Plus=6.0-build6020
Zohocorp Manageengine Recoverymanager Plus=6.0-build6025
Zohocorp Manageengine Recoverymanager Plus=6.0-build6026
Zohocorp Manageengine Recoverymanager Plus=6.0-build6030
Zohocorp Manageengine Recoverymanager Plus=6.0-build6031
Zohocorp Manageengine Recoverymanager Plus=6.0-build6032
Zohocorp Manageengine Recoverymanager Plus=6.0-build6041
Zohocorp Manageengine Recoverymanager Plus=6.0-build6042
Zohocorp Manageengine Recoverymanager Plus=6.0-build6043
Zohocorp Manageengine Recoverymanager Plus=6.0-build6044
Zohocorp Manageengine Recoverymanager Plus=6.0-build6047
Zohocorp Manageengine Recoverymanager Plus=6.0-build6049
Zohocorp Manageengine Recoverymanager Plus=6.0-build6050
Zohocorp Manageengine Recoverymanager Plus=6.0-build6051
Zohocorp Manageengine Recoverymanager Plus=6.0-build6053
Zohocorp Manageengine Recoverymanager Plus=6.0-build6054
Zohocorp Manageengine Recoverymanager Plus=6.0-build6056
Zohocorp Manageengine Recoverymanager Plus=6.0-build6057
Zohocorp Manageengine Recoverymanager Plus=6.0-build6058
Zohocorp Manageengine Recoverymanager Plus=6.0-build6060
Zohocorp Manageengine Recoverymanager Plus=6.0-build6061
Zohocorp Manageengine Servicedesk Plus<14.2
Zohocorp Manageengine Servicedesk Plus=14.2-14200
Zohocorp Manageengine Servicedesk Plus=14.2-14201
Zohocorp Manageengine Servicedesk Plus=14.2-14202
Zohocorp Manageengine Servicedesk Plus=14.2-14203
Zohocorp Manageengine Servicedesk Plus=14.2-14204
Zohocorp Manageengine Servicedesk Plus=14.3-14300
Zohocorp Manageengine Servicedesk Plus=14.3-14301
Zohocorp Manageengine Servicedesk Plus=14.3-14302
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus<14.3
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus=14.3-14300
Zohocorp Manageengine Sharepoint Manager Plus<4.4
Zohocorp Manageengine Sharepoint Manager Plus=4.4-4400
Zohocorp Manageengine Sharepoint Manager Plus=4.4-4401
Zohocorp Manageengine Sharepoint Manager Plus=4.4-4402
Zohocorp Manageengine Supportcenter Plus<14.3
Zohocorp Manageengine Supportcenter Plus=14.3-14300

Remedy

https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203