Unrated severity · NVD Advisory · Published Sep 6, 2023 · Updated Sep 26, 2024
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability
CVE-2023-35719
Description
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.
Affected products
- (no CPE)
- (no CPE), range: 6.1 Build 6122
References
- www.manageengine.com/products/self-service-password/kb/our-response-to-CVE-2023-35719.html (mitre, vendor-advisory)
- www.zerodayinitiative.com/advisories/ZDI-23-891 (mitre, x_research-advisory)