Vulnerability-Lookup

CVE-2023-31492 (GCVE-0-2023-31492)

Vulnerability from cvelistv5 – Published: 2023-08-17 00:00 – Updated: 2024-11-26 21:35

Summary

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

Severity

No CVSS data available.

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Assigner

mitre

References

3 references

URL	Tags
https://github.com/passtheticket/vulnerability-re…
https://www.manageengine.com/products/ad-manager/…
http://packetstormsecurity.com/files/177091/Manag…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:31.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31492",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T21:34:54.528803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T21:35:29.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T23:05:50.368Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
        },
        {
          "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31492",
    "datePublished": "2023-08-17T00:00:00.000Z",
    "dateReserved": "2023-04-29T00:00:00.000Z",
    "dateUpdated": "2024-11-26T21:35:29.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-31492",
      "date": "2026-06-06",
      "epss": "0.00198",
      "percentile": "0.41842"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.1\", \"matchCriteriaId\": \"B9D72627-17F9-427E-907B-56EA0A498131\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*\", \"matchCriteriaId\": \"736740CB-A328-4163-BAC4-6C881A24C8B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B806083-7309-4215-AF81-DCC4D90B7876\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*\", \"matchCriteriaId\": \"A741CDA8-D1A8-4F83-AE54-7D3D3C433825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*\", \"matchCriteriaId\": \"09563D6F-690B-4C7A-BA25-52D009724A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*\", \"matchCriteriaId\": \"30FAC23B-831E-4904-AB3B-85A3C068CEB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*\", \"matchCriteriaId\": \"9347D3CF-B5D1-4ACE-83E1-73748EF15120\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*\", \"matchCriteriaId\": \"322E0562-4586-4DF4-A935-C2447883495B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB9151D6-BD21-4268-9371-FF702C1AD84B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*\", \"matchCriteriaId\": \"B371E93E-7C85-42DD-AA7F-9B43D8D02963\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*\", \"matchCriteriaId\": \"094EEFA4-BD16-4F79-8133-62F9E2C8C675\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC5A6297-98E3-45C8-95FB-7F4E65D133BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*\", \"matchCriteriaId\": \"93C96678-34B7-4FCE-9DBD-1A7B3E0943BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E9B9E88-919F-4CF7-99DC-72E50BDF65A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*\", \"matchCriteriaId\": \"7848B31C-AB51-486B-8655-7D7A060BAFFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CFB5C4A-B717-4CC2-AE03-336C63D17B96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*\", \"matchCriteriaId\": \"456D49D7-F04D-4003-B429-8D5504959D04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB788440-904B-430E-BF5B-12ADA816477E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*\", \"matchCriteriaId\": \"876CC4D6-9546-4D39-965A-EF5A4AF4AD93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*\", \"matchCriteriaId\": \"85432FE8-946F-448D-A92A-FF549EDC52F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*\", \"matchCriteriaId\": \"813E1389-A949-427C-92C6-3974702FEA5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*\", \"matchCriteriaId\": \"34A48841-EA09-4917-A6FF-DF645B581426\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C042646-9D36-4712-9E5D-40E55FCF7C24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E6CD67A-7F5A-4F29-B563-7E4D72A1149F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*\", \"matchCriteriaId\": \"77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E53B3CB-4351-4E24-B80C-D62CC483D4D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*\", \"matchCriteriaId\": \"0068E901-62D2-4C4D-96F8-7823B0DF7DA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF70BA56-3478-4DA5-B013-4D9B820D2219\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*\", \"matchCriteriaId\": \"28E1833F-24C8-44EC-9B66-4D832AB1C9AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DCA2AF7-8732-4095-BB6F-6F40EADD7449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*\", \"matchCriteriaId\": \"54247785-E55A-407D-A667-1734E7C84DF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C8887B2-D378-4A7D-B678-9B2C68953E76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADD4EAD7-275A-4467-9217-102051BE49C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*\", \"matchCriteriaId\": \"8181AF41-779F-4289-BECE-03C2731FDA21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BFB486E-9256-4B56-98BF-24B5A56415A2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.\"}, {\"lang\": \"es\", \"value\": \"ADManager Plus versi\\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\\u00f1as predeterminadas para la restauraci\\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados.\"}]",
      "id": "CVE-2023-31492",
      "lastModified": "2024-11-21T08:01:58.740",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-08-17T23:15:09.167",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-31492\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-08-17T23:15:09.167\",\"lastModified\":\"2024-11-21T08:01:58.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.\"},{\"lang\":\"es\",\"value\":\"ADManager Plus versi\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\u00f1as predeterminadas para la restauraci\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"B9D72627-17F9-427E-907B-56EA0A498131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*\",\"matchCriteriaId\":\"736740CB-A328-4163-BAC4-6C881A24C8B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B806083-7309-4215-AF81-DCC4D90B7876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*\",\"matchCriteriaId\":\"A741CDA8-D1A8-4F83-AE54-7D3D3C433825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*\",\"matchCriteriaId\":\"09563D6F-690B-4C7A-BA25-52D009724A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FAC23B-831E-4904-AB3B-85A3C068CEB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*\",\"matchCriteriaId\":\"9347D3CF-B5D1-4ACE-83E1-73748EF15120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*\",\"matchCriteriaId\":\"322E0562-4586-4DF4-A935-C2447883495B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9151D6-BD21-4268-9371-FF702C1AD84B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*\",\"matchCriteriaId\":\"B371E93E-7C85-42DD-AA7F-9B43D8D02963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*\",\"matchCriteriaId\":\"094EEFA4-BD16-4F79-8133-62F9E2C8C675\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC5A6297-98E3-45C8-95FB-7F4E65D133BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C96678-34B7-4FCE-9DBD-1A7B3E0943BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9B9E88-919F-4CF7-99DC-72E50BDF65A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*\",\"matchCriteriaId\":\"7848B31C-AB51-486B-8655-7D7A060BAFFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CFB5C4A-B717-4CC2-AE03-336C63D17B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*\",\"matchCriteriaId\":\"456D49D7-F04D-4003-B429-8D5504959D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB788440-904B-430E-BF5B-12ADA816477E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*\",\"matchCriteriaId\":\"876CC4D6-9546-4D39-965A-EF5A4AF4AD93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*\",\"matchCriteriaId\":\"85432FE8-946F-448D-A92A-FF549EDC52F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*\",\"matchCriteriaId\":\"813E1389-A949-427C-92C6-3974702FEA5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A48841-EA09-4917-A6FF-DF645B581426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C042646-9D36-4712-9E5D-40E55FCF7C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E6CD67A-7F5A-4F29-B563-7E4D72A1149F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E53B3CB-4351-4E24-B80C-D62CC483D4D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*\",\"matchCriteriaId\":\"0068E901-62D2-4C4D-96F8-7823B0DF7DA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF70BA56-3478-4DA5-B013-4D9B820D2219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E1833F-24C8-44EC-9B66-4D832AB1C9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCA2AF7-8732-4095-BB6F-6F40EADD7449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*\",\"matchCriteriaId\":\"54247785-E55A-407D-A667-1734E7C84DF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C8887B2-D378-4A7D-B678-9B2C68953E76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADD4EAD7-275A-4467-9217-102051BE49C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*\",\"matchCriteriaId\":\"8181AF41-779F-4289-BECE-03C2731FDA21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BFB486E-9256-4B56-98BF-24B5A56415A2\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:53:31.043Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31492\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T21:34:54.528803Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T21:35:05.033Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\"}, {\"url\": \"https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html\"}, {\"url\": \"http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-02-13T23:05:50.368591\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-31492\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T21:35:29.178Z\", \"dateReserved\": \"2023-04-29T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-08-17T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2023-04941

Vulnerability from fstec - Published: 15.03.2023

Title

Уязвимость программного обеспечения для управления сервисом Active Directory Zoho ManageEngine ADManager Plus, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость программного обеспечения для управления сервисом Active Directory Zoho ManageEngine ADManager Plus связана с недостаточной защитой регистрационных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации (просматривать пароли по умолчанию для восстановления учетных записей неавторизованных доменов) с помощью специально сформированного запроса API

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vendor

ZOHO Corp.

Software Name

ADManager Plus

Software Version

до 7182 включительно (ADManager Plus)

Possible Mitigations

Использование рекомендаций производителя: https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html

Reference

https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html

CWE

CWE-522

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ZOHO Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7182 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (ADManager Plus)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.08.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.08.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04941",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-31492",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ADManager Plus",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c Active Directory Zoho ManageEngine ADManager Plus, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-522)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c Active Directory Zoho ManageEngine ADManager Plus \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (\u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0434\u043b\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0434\u043e\u043c\u0435\u043d\u043e\u0432) \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430 API",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md\t \nhttps://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-522",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

FKIE_CVE-2023-31492

Vulnerability from fkie_nvd - Published: 2023-08-17 23:15 - Updated: 2024-11-21 08:01

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html
cve@mitre.org	https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md	Exploit, Third Party Advisory
cve@mitre.org	https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html
af854a3a-2127-422b-91ae-364da2661108	https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html	Vendor Advisory

Impacted products

Vendor	Product	Version
zohocorp	manageengine_admanager_plus	*
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
              "versionEndExcluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
              "matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
              "matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
              "matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
              "matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
              "matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
              "matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
              "matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
              "matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
              "matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
              "matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
              "matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
              "matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
              "matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
              "matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
              "matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
              "matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
              "matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
              "matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
              "matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
              "matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
              "matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
              "matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
              "matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
              "matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
              "matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
              "matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
              "matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
              "matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
              "matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
              "matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
              "matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
              "matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*",
              "matchCriteriaId": "8181AF41-779F-4289-BECE-03C2731FDA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*",
              "matchCriteriaId": "2BFB486E-9256-4B56-98BF-24B5A56415A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
    },
    {
      "lang": "es",
      "value": "ADManager Plus versi\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\u00f1as predeterminadas para la restauraci\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados."
    }
  ],
  "id": "CVE-2023-31492",
  "lastModified": "2024-11-21T08:01:58.740",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-17T23:15:09.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JRP3-72M5-5JPJ

Vulnerability from github – Published: 2023-08-18 00:30 – Updated: 2024-02-14 00:35

Details

Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated attackers to view user passwords after executing backup or recovery operations on user accounts.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-31492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-17T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated attackers to view user passwords after executing backup or recovery operations on user accounts.",
  "id": "GHSA-jrp3-72m5-5jpj",
  "modified": "2024-02-14T00:35:40Z",
  "published": "2023-08-18T00:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31492"
    },
    {
      "type": "WEB",
      "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-31492

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

Aliases

CVE-2023-31492

Aliases

CVE-2023-31492

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-31492",
    "id": "GSD-2023-31492"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-31492"
      ],
      "details": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.",
      "id": "GSD-2023-31492",
      "modified": "2023-12-13T01:20:30.014402Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-31492",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md",
            "refsource": "MISC",
            "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
          },
          {
            "name": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html",
            "refsource": "MISC",
            "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
                    "versionEndExcluding": "7.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "DB6D57E0-63FB-4ED2-8F7A-D882EB4925BF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
                    "matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
                    "matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
                    "matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
                    "matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
                    "matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
                    "matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
                    "matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
                    "matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
                    "matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
                    "matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
                    "matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
                    "matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
                    "matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
                    "matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
                    "matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
                    "matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
                    "matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
                    "matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
                    "matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
                    "matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
                    "matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
                    "matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
                    "matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
                    "matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
                    "matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
                    "matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
                    "matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*",
                    "matchCriteriaId": "28E1833F-24C8-44EC-9B66-4D832AB1C9AD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*",
                    "matchCriteriaId": "7DCA2AF7-8732-4095-BB6F-6F40EADD7449",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*",
                    "matchCriteriaId": "54247785-E55A-407D-A667-1734E7C84DF8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*",
                    "matchCriteriaId": "5C8887B2-D378-4A7D-B678-9B2C68953E76",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*",
                    "matchCriteriaId": "ADD4EAD7-275A-4467-9217-102051BE49C6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:*:*:*:*:*:*",
                    "matchCriteriaId": "8181AF41-779F-4289-BECE-03C2731FDA21",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:*:*:*:*:*:*",
                    "matchCriteriaId": "2BFB486E-9256-4B56-98BF-24B5A56415A2",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users."
          },
          {
            "lang": "es",
            "value": "ADManager Plus versi\u00f3n 7182 y anteriores de ManageEngine de Zoho divulgaron las contrase\u00f1as predeterminadas para la restauraci\u00f3n de cuentas de dominios no autorizadas a los usuarios autenticados."
          }
        ],
        "id": "CVE-2023-31492",
        "lastModified": "2024-02-13T23:15:08.187",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-08-17T23:15:09.167",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-522"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-31492 (GCVE-0-2023-31492)

BDU:2023-04941

FKIE_CVE-2023-31492

GHSA-JRP3-72M5-5JPJ

GSD-2023-31492

Tags

Sightings

Nomenclature