Vulnerability Details CVE-2023-35785
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.1%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2023-35785
-
cpe:2.3:a:zohocorp:manageengine_ad360:4.1
-
cpe:2.3:a:zohocorp:manageengine_ad360:4.2
-
cpe:2.3:a:zohocorp:manageengine_ad360:4.3
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:-
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:4.1.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:4.5.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:5.0.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:5.1
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:6.0.1
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0.0
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.1.1
-
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:-
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.2
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.5.7
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.6.5
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.0
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1
-
cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:-
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:1.0.34
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:4.0
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:5.6
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.1
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.2.0
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.5
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9
-
cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0
-
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.0
-
cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:-
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.0
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.1
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.2
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:4.3
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:5.0
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.0.3
-
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:10.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:10.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:10.7
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:10.8
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.10
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.11
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.12
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.13
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.14
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.20
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.21
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.3
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.4
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.7
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.8
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:11.9
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.3
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.4
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.3
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.4
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.1.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.3
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.4
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.7
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.8
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.2.9
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:6.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:6.1
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:6.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:7.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.2
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.5
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:8.6
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.0
-
cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:9.9
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:-
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.5
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.6
-
cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7
-
cpe:2.3:a:zohocorp:manageengine_log360:5.0
-
cpe:2.3:a:zohocorp:manageengine_log360:5.1
-
cpe:2.3:a:zohocorp:manageengine_log360:5.2
-
cpe:2.3:a:zohocorp:manageengine_log360:5.3
-
cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0
-
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:-
-
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.4
-
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5
-
cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.4
-
cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5
-
cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:5.3
-
cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:5.4
-
cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.2
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3
-
cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:-
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:7.9
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:7.90
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.0
-
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1