CWE-287

CVE-2023-35785

First published: Mon Aug 28 2023

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Credit: cve@mitre.org

Affected Software | Affected Version
Zoho ManageEngine | <4.3
Zoho ManageEngine | =4.3-4300
Zoho ManageEngine | =4.3-4302
Zoho ManageEngine | =4.3-4303
Zoho ManageEngine | =4.3-4304
Zoho ManageEngine | =4.3-4305
Zoho ManageEngine | =4.3-4306
Zoho ManageEngine | =4.3-4308
Zoho ManageEngine | =4.3-4309
Zoho ManageEngine | =4.3-4310
Zoho ManageEngine | =4.3-4312
Zoho ManageEngine | =4.3-4313
Zoho ManageEngine | =4.3-4314
Zoho ManageEngine | =4.3-4315
Zoho ManageEngine ADAudit Plus | <7.2
Zoho ManageEngine ADAudit Plus | =7.2-7200
Zoho ManageEngine ADAudit Plus | =7.2-7201
Zoho ManageEngine ADAudit Plus | =7.2-7202
Zoho Corporation AdManager Plus | <7.2
Zoho Corporation AdManager Plus | =7.2-7201
ManageEngine AssetExplorer | <6.9
ManageEngine AssetExplorer | =6.9
ManageEngine AssetExplorer | =6.9-6900
ManageEngine AssetExplorer | =6.9-6901
ManageEngine AssetExplorer | =6.9-6902
ManageEngine AssetExplorer | =6.9-6903
ManageEngine AssetExplorer | =6.9-6904
ManageEngine AssetExplorer | =6.9-6905
ManageEngine AssetExplorer | =6.9-6906
ManageEngine AssetExplorer | =6.9-6907
ManageEngine AssetExplorer | =6.9-6908
ManageEngine AssetExplorer | =6.9-6909
ManageEngine AssetExplorer | =6.9-6950
ManageEngine AssetExplorer | =6.9-6951
ManageEngine AssetExplorer | =6.9-6952
ManageEngine AssetExplorer | =6.9-6953
ManageEngine AssetExplorer | =6.9-6954
ManageEngine AssetExplorer | =6.9-6955
ManageEngine AssetExplorer | =6.9-6956
ManageEngine AssetExplorer | =6.9-6957
ManageEngine AssetExplorer | =6.9-6970
ManageEngine AssetExplorer | =6.9-6971
ManageEngine AssetExplorer | =6.9-6972
ManageEngine AssetExplorer | =6.9-6973
ManageEngine AssetExplorer | =6.9-6974
ManageEngine AssetExplorer | =6.9-6975
ManageEngine AssetExplorer | =6.9-6976
ManageEngine AssetExplorer | =6.9-6977
ManageEngine AssetExplorer | =6.9-6978
ManageEngine AssetExplorer | =6.9-6979
ManageEngine AssetExplorer | =6.9-6980
ManageEngine AssetExplorer | =6.9-6981
ManageEngine AssetExplorer | =6.9-6982
ManageEngine AssetExplorer | =6.9-6983
ManageEngine AssetExplorer | =6.9-6984
ManageEngine AssetExplorer | =6.9-6985
ManageEngine AssetExplorer | =6.9-6986
ManageEngine AssetExplorer | =6.9-6987
ManageEngine AssetExplorer | =6.9-6988
ManageEngine AssetExplorer | =6.9-6989
ManageEngine AssetExplorer | =6.9-6990
ManageEngine AssetExplorer | =6.9-6991
ManageEngine AssetExplorer | =6.9-6992
ManageEngine AssetExplorer | =6.9-6993
ManageEngine AssetExplorer | =7.0-7000
ManageEngine AssetExplorer | =7.0-7001
Zoho ManageEngine Cloud Security Plus | <4.1
Zoho ManageEngine Cloud Security Plus | =4.1-4100
Zoho ManageEngine Cloud Security Plus | =4.1-4101
Zoho ManageEngine Cloud Security Plus | =4.1-4102
Zoho ManageEngine Cloud Security Plus | =4.1-4103
Zoho ManageEngine Cloud Security Plus | =4.1-4104
Zoho ManageEngine Cloud Security Plus | =4.1-4105
Zoho ManageEngine Cloud Security Plus | =4.1-4106
Zoho ManageEngine Cloud Security Plus | =4.1-4107
Zoho ManageEngine Cloud Security Plus | =4.1-4108
Zoho ManageEngine Cloud Security Plus | =4.1-4109
Zoho ManageEngine Cloud Security Plus | =4.1-4110
Zoho ManageEngine Cloud Security Plus | =4.1-4111
Zoho ManageEngine Cloud Security Plus | =4.1-4112
Zoho ManageEngine Cloud Security Plus | =4.1-4113
Zoho ManageEngine Cloud Security Plus | =4.1-4115
Zoho ManageEngine Cloud Security Plus | =4.1-4116
Zoho ManageEngine Cloud Security Plus | =4.1-4117
Zoho ManageEngine Cloud Security Plus | =4.1-4118
Zoho ManageEngine Cloud Security Plus | =4.1-4119
Zoho ManageEngine Cloud Security Plus | =4.1-4120
Zoho ManageEngine Cloud Security Plus | =4.1-4121
Zoho ManageEngine Cloud Security Plus | =4.1-4122
Zoho ManageEngine Cloud Security Plus | =4.1-4130
Zoho ManageEngine Cloud Security Plus | =4.1-4131
Zoho ManageEngine Cloud Security Plus | =4.1-4140
Zoho ManageEngine Cloud Security Plus | =4.1-4141
Zoho ManageEngine Cloud Security Plus | =4.1-4150
Zoho ManageEngine Cloud Security Plus | =4.1-4160
Zoho ManageEngine Cloud Security Plus | =4.1-4161
Zoho ManageEngine DataSecurity Plus | <6.1
Zoho ManageEngine DataSecurity Plus | =6.1-6100
Zoho ManageEngine DataSecurity Plus | =6.1-6101
Zoho ManageEngine DataSecurity Plus | =6.1-6110
ManageEngine EventLog Analyzer | <12.3.0
ManageEngine EventLog Analyzer | =12.3.0-12300
ManageEngine EventLog Analyzer | =12.3.0-12301
ManageEngine Exchange Reporter Plus | <5.7
ManageEngine Exchange Reporter Plus | =5.7-5700
ManageEngine Exchange Reporter Plus | =5.7-5701
ManageEngine Exchange Reporter Plus | =5.7-5702
ManageEngine Exchange Reporter Plus | =5.7-5703
ManageEngine Exchange Reporter Plus | =5.7-5704
ManageEngine Exchange Reporter Plus | =5.7-5705
ManageEngine Exchange Reporter Plus | =5.7-5706
ManageEngine Exchange Reporter Plus | =5.7-5707
ManageEngine Exchange Reporter Plus | =5.7-5708
ManageEngine Exchange Reporter Plus | =5.7-5709
ManageEngine Log360 | <5.3
ManageEngine Log360 | =5.3-build5300
ManageEngine Log360 | =5.3-build5301
ManageEngine Log360 | =5.3-build5302
ManageEngine Log360 | =5.3-build5305
ManageEngine Log360 | =5.3-build5310
ManageEngine Log360 | =5.3-build5311
ManageEngine Log360 | =5.3-build5315
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4010
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4011
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4015
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4016
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4020
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4021
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4023
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4024
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4025
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4026
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4027
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4028
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4030
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4031
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4034
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4035
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4036
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4040
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4043
Zoho Corp ManageEngine Log360 UEBA | =4.0-build4045
ManageEngine M365 Manager Plus | <4.5
ManageEngine M365 Manager Plus | =4.5-build4500
ManageEngine M365 Manager Plus | =4.5-build4502
ManageEngine M365 Manager Plus | =4.5-build4503
ManageEngine M365 Manager Plus | =4.5-build4504
ManageEngine M365 Manager Plus | =4.5-build4505
ManageEngine M365 Manager Plus | =4.5-build4507
ManageEngine M365 Manager Plus | =4.5-build4508
ManageEngine M365 Manager Plus | =4.5-build4509
ManageEngine M365 Manager Plus | =4.5-build4510
ManageEngine M365 Manager Plus | =4.5-build4511
ManageEngine M365 Manager Plus | =4.5-build4512
ManageEngine M365 Manager Plus | =4.5-build4513
ManageEngine M365 Manager Plus | =4.5-build4514
ManageEngine M365 Manager Plus | =4.5-build4516
ManageEngine M365 Manager Plus | =4.5-build4517
ManageEngine M365 Manager Plus | =4.5-build4518
ManageEngine M365 Manager Plus | =4.5-build4519
ManageEngine M365 Manager Plus | =4.5-build4520
ManageEngine M365 Manager Plus | =4.5-build4523
ManageEngine M365 Manager Plus | =4.5-build4525
ManageEngine M365 Manager Plus | =4.5-build4527
ManageEngine M365 Manager Plus | =4.5-build4528
ManageEngine M365 Manager Plus | =4.5-build4529
ManageEngine M365 Security Plus | <4.5
ManageEngine M365 Security Plus | =4.5-4500
ManageEngine M365 Security Plus | =4.5-4502
ManageEngine M365 Security Plus | =4.5-4503
ManageEngine M365 Security Plus | =4.5-4504
ManageEngine M365 Security Plus | =4.5-4505
ManageEngine M365 Security Plus | =4.5-4507
ManageEngine M365 Security Plus | =4.5-4508
ManageEngine M365 Security Plus | =4.5-4509
ManageEngine M365 Security Plus | =4.5-4510
ManageEngine M365 Security Plus | =4.5-4511
ManageEngine M365 Security Plus | =4.5-4512
ManageEngine M365 Security Plus | =4.5-4513
ManageEngine M365 Security Plus | =4.5-4514
ManageEngine M365 Security Plus | =4.5-4516
ManageEngine M365 Security Plus | =4.5-4517
ManageEngine M365 Security Plus | =4.5-4518
ManageEngine M365 Security Plus | =4.5-4519
ManageEngine M365 Security Plus | =4.5-4520
ManageEngine M365 Security Plus | =4.5-4523
ManageEngine M365 Security Plus | =4.5-4525
ManageEngine M365 Security Plus | =4.5-4527
ManageEngine M365 Security Plus | =4.5-4528
ManageEngine M365 Security Plus | =4.5-4529
ManageEngine RecoveryManager Plus | <6.0
ManageEngine RecoveryManager Plus | =6.0-build6001
ManageEngine RecoveryManager Plus | =6.0-build6003
ManageEngine RecoveryManager Plus | =6.0-build6005
ManageEngine RecoveryManager Plus | =6.0-build6011
ManageEngine RecoveryManager Plus | =6.0-build6016
ManageEngine RecoveryManager Plus | =6.0-build6017
ManageEngine RecoveryManager Plus | =6.0-build6020
ManageEngine RecoveryManager Plus | =6.0-build6025
ManageEngine RecoveryManager Plus | =6.0-build6026
ManageEngine RecoveryManager Plus | =6.0-build6030
ManageEngine RecoveryManager Plus | =6.0-build6031
ManageEngine RecoveryManager Plus | =6.0-build6032
ManageEngine RecoveryManager Plus | =6.0-build6041
ManageEngine RecoveryManager Plus | =6.0-build6042
ManageEngine RecoveryManager Plus | =6.0-build6043
ManageEngine RecoveryManager Plus | =6.0-build6044
ManageEngine RecoveryManager Plus | =6.0-build6047
ManageEngine RecoveryManager Plus | =6.0-build6049
ManageEngine RecoveryManager Plus | =6.0-build6050
ManageEngine RecoveryManager Plus | =6.0-build6051
ManageEngine RecoveryManager Plus | =6.0-build6053
ManageEngine RecoveryManager Plus | =6.0-build6054
ManageEngine RecoveryManager Plus | =6.0-build6056
ManageEngine RecoveryManager Plus | =6.0-build6057
ManageEngine RecoveryManager Plus | =6.0-build6058
ManageEngine RecoveryManager Plus | =6.0-build6060
ManageEngine RecoveryManager Plus | =6.0-build6061
ManageEngine ServiceDesk Plus | <14.2
ManageEngine ServiceDesk Plus | =14.2-14200
ManageEngine ServiceDesk Plus | =14.2-14201
ManageEngine ServiceDesk Plus | =14.2-14202
ManageEngine ServiceDesk Plus | =14.2-14203
ManageEngine ServiceDesk Plus | =14.2-14204
ManageEngine ServiceDesk Plus | =14.3-14300
ManageEngine ServiceDesk Plus | =14.3-14301
ManageEngine ServiceDesk Plus | =14.3-14302
ManageEngine ServiceDesk Plus MSP | <14.3
ManageEngine ServiceDesk Plus MSP | =14.3-14300
ManageEngine SharePoint Manager Plus | <4.4
ManageEngine SharePoint Manager Plus | =4.4-4400
ManageEngine SharePoint Manager Plus | =4.4-4401
ManageEngine SharePoint Manager Plus | =4.4-4402
ManageEngine SupportCenter Plus | <14.3
ManageEngine SupportCenter Plus | =14.3-14300

Frequently Asked Questions

  • What is the severity of CVE-2023-35785?

    CVE-2023-35785 has been classified with a high severity level due to its potential to allow unauthorized access to sensitive information.

  • How do I fix CVE-2023-35785?

    To fix CVE-2023-35785, update each affected ManageEngine product to the latest version so that no vulnerable version remains in use.

  • Which versions are affected by CVE-2023-35785?

    CVE-2023-35785 affects AD360 versions 4315 and below, ADAudit Plus 7202 and below, and the other ManageEngine products at the versions given in the description above.

  • What types of software are impacted by CVE-2023-35785?

    CVE-2023-35785 impacts multiple software applications from ManageEngine, including AD360, ADAudit Plus, and Asset Explorer among others.

  • What is the impact of CVE-2023-35785 if left unpatched?

    If CVE-2023-35785 is left unpatched, it can lead to unauthorized access and potential data breaches within organizations using the affected software.
