mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
175 lines
5.9 KiB
JSON
175 lines
5.9 KiB
JSON
{
|
|
"id": "CVE-2023-35854",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-06-20T12:15:09.690",
|
|
"lastModified": "2024-11-21T08:08:49.827",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [
|
|
{
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"tags": [
|
|
"disputed"
|
|
]
|
|
}
|
|
],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have \"found no evidence or detail of a security vulnerability.\""
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-306"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "6.1",
|
|
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
|
|
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/970198175/Simply-use",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.manageengine.com",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/970198175/Simply-use",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.manageengine.com",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Product"
|
|
]
|
|
}
|
|
]
|
|
} |