CVE-2023-35719

Name of the Vulnerable Software and Affected Versions ManageEngine ADSelfService Plus (affected versions not specified)

Description This issue allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this issue. The specific flaw exists within the Password Reset Portal used by the GINA client, resulting from the lack of proper authentication of data received via HTTP. An attacker can leverage this issue to bypass authentication and execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.