Password Disclosure in Zoho ManageEngine ADManager Plus
CVE-2023-31492
6.5 MEDIUM
What is CVE-2023-31492?
Zoho ManageEngine ADManager Plus prior to version 7183 contains a vulnerability that allows authenticated users to view default passwords associated with account restoration for unauthorized domains. This flaw can lead to unauthorized access, compromising sensitive data and administrative functionalities. Timely updates and monitoring are essential to mitigate the risks posed by this vulnerability.
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved