CVE-2023-41904

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-41904.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*
History

No history.

Information

Published : 2023-09-27 15:19

Updated : 2023-09-28 17:41

NVD link : CVE-2023-41904

Mitre link : CVE-2023-41904

CVE.ORG link : CVE-2023-41904

JSON object : View

Products Affected

zohocorp

  • manageengine_admanager_plus
CWE
CWE-287

Improper Authentication