What is the severity of CVE-2023-50785?

CVE-2023-50785 is classified as a medium severity vulnerability due to its potential to disclose sensitive directory names.

How do I fix CVE-2023-50785?

To fix CVE-2023-50785, upgrade Zoho ManageEngine ADAudit Plus to version 7270 or later.

Who is affected by CVE-2023-50785?

CVE-2023-50785 affects admin users of Zoho ManageEngine ADAudit Plus versions prior to 7270.

What type of vulnerability is CVE-2023-50785?

CVE-2023-50785 is a path traversal vulnerability that allows unauthorized directory name disclosure.

Can CVE-2023-50785 lead to further attacks?

Yes, the directory name disclosure could potentially aid attackers in conducting more targeted attacks.

Vulnerability/
CVE-2023-50785

low

2.7

CWE

25/1/2024

28/10/2024

CVE-2023-50785: Path Traversal

First published: Thu Jan 25 2024(Updated: )

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zoho ManageEngine ADAudit Plus	=7.2-7200
Zoho ManageEngine ADAudit Plus	=7.2-7201
Zoho ManageEngine ADAudit Plus	=7.2-7202
Zoho ManageEngine ADAudit Plus	=7.2-7203
Zoho ManageEngine ADAudit Plus	=7.2-7210
Zoho ManageEngine ADAudit Plus	=7.2-7211
Zoho ManageEngine ADAudit Plus	=7.2-7212
Zoho ManageEngine ADAudit Plus	=7.2-7213
Zoho ManageEngine ADAudit Plus	=7.2-7215
Zoho ManageEngine ADAudit Plus	=7.2-7220
Zoho ManageEngine ADAudit Plus	=7.2-7250
Zoho ManageEngine ADAudit Plus	=7.2-7251
Zoho ManageEngine ADAudit Plus	=7.2-7260

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/active-directory-audit/cve-2023-50785.html

Frequently Asked Questions

What is the severity of CVE-2023-50785?
CVE-2023-50785 is classified as a medium severity vulnerability due to its potential to disclose sensitive directory names.
How do I fix CVE-2023-50785?
To fix CVE-2023-50785, upgrade Zoho ManageEngine ADAudit Plus to version 7270 or later.
Who is affected by CVE-2023-50785?
CVE-2023-50785 affects admin users of Zoho ManageEngine ADAudit Plus versions prior to 7270.
What type of vulnerability is CVE-2023-50785?
CVE-2023-50785 is a path traversal vulnerability that allows unauthorized directory name disclosure.
Can CVE-2023-50785 lead to further attacks?
Yes, the directory name disclosure could potentially aid attackers in conducting more targeted attacks.

agent/references
agent/description
agent/type
agent/first-publish-date
agent/author
agent/event
agent/severity
agent/weakness
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/zohocorp
canonical/zoho manageengine adaudit plus
version/zoho manageengine adaudit plus/7.2-7200
version/zoho manageengine adaudit plus/7.2-7201
version/zoho manageengine adaudit plus/7.2-7202
version/zoho manageengine adaudit plus/7.2-7203
version/zoho manageengine adaudit plus/7.2-7210
version/zoho manageengine adaudit plus/7.2-7211
version/zoho manageengine adaudit plus/7.2-7212
version/zoho manageengine adaudit plus/7.2-7213
version/zoho manageengine adaudit plus/7.2-7215
version/zoho manageengine adaudit plus/7.2-7220
version/zoho manageengine adaudit plus/7.2-7250
version/zoho manageengine adaudit plus/7.2-7251
version/zoho manageengine adaudit plus/7.2-7260

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.