CVE-2023-35719

CWE-345
3 documents, 3 sources
Severity
6.8 MEDIUM
EPSS
0.2% (top 61.58%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 6

Description

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages: 2 packages

Vulnerability Details (2)

CVEList
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability (2023-09-06)
GHSA
GHSA-qp6r-4xpp-qr2h: ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability (2023-09-06)
CVE-2023-35719 (MEDIUM CVSS 6.8) | ManageEngine ADSelfService Plus GIN | cvebase.io