Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35785

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 17 products from zohocorp, from zohocorp, from zohocorp and 14 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-08-28T20:15:08.033

Last Modified

2024-11-21T08:08:41.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_ad360	< 4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_ad360	4.3	Yes
Application	zohocorp	manageengine_adaudit_plus	< 7.2	Yes
Application	zohocorp	manageengine_adaudit_plus	7.2	Yes
Application	zohocorp	manageengine_adaudit_plus	7.2	Yes
Application	zohocorp	manageengine_adaudit_plus	7.2	Yes
Application	zohocorp	manageengine_admanager_plus	< 7.2	Yes
Application	zohocorp	manageengine_admanager_plus	7.2	Yes
Application	zohocorp	manageengine_assetexplorer	< 6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	6.9	Yes
Application	zohocorp	manageengine_assetexplorer	7.0	Yes
Application	zohocorp	manageengine_assetexplorer	7.0	Yes
Application	zohocorp	manageengine_cloud_security_plus	< 4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_cloud_security_plus	4.1	Yes
Application	zohocorp	manageengine_datasecurity_plus	< 6.1	Yes
Application	zohocorp	manageengine_datasecurity_plus	6.1	Yes
Application	zohocorp	manageengine_datasecurity_plus	6.1	Yes
Application	zohocorp	manageengine_datasecurity_plus	6.1	Yes
Application	zohocorp	manageengine_eventlog_analyzer	< 12.3.0	Yes
Application	zohocorp	manageengine_eventlog_analyzer	12.3.0	Yes
Application	zohocorp	manageengine_eventlog_analyzer	12.3.0	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	< 5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_exchange_reporter_plus	5.7	Yes
Application	zohocorp	manageengine_log360	< 5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360	5.3	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_log360_ueba	4.0	Yes
Application	zohocorp	manageengine_m365_manager_plus	< 4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_manager_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	< 4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_m365_security_plus	4.5	Yes
Application	zohocorp	manageengine_recoverymanager_plus	< 6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_recoverymanager_plus	6.0	Yes
Application	zohocorp	manageengine_servicedesk_plus	< 14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.2	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.3	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.3	Yes
Application	zohocorp	manageengine_servicedesk_plus	14.3	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	< 14.3	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	14.3	Yes
Application	zohocorp	manageengine_sharepoint_manager_plus	< 4.4	Yes
Application	zohocorp	manageengine_sharepoint_manager_plus	4.4	Yes
Application	zohocorp	manageengine_sharepoint_manager_plus	4.4	Yes
Application	zohocorp	manageengine_sharepoint_manager_plus	4.4	Yes
Application	zohocorp	manageengine_supportcenter_plus	< 14.3	Yes
Application	zohocorp	manageengine_supportcenter_plus	14.3	Yes

References

https://manageengine.com Product ([email protected])
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html Patch, Vendor Advisory ([email protected])
https://manageengine.com Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For zohocorp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.