PT-2023-25313 · Zoho · Zoho Manageengine Cloud Security Plus+14

Dalt4Sec · Published 2023-08-28 · Updated 2024-03-12 · CVE-2023-35785

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine Active Directory 360 versions 4315 and below
Zoho ManageEngine ADAudit Plus versions 7202 and below
Zoho ManageEngine ADManager Plus versions 7200 and below
Zoho ManageEngine Asset Explorer versions 6993 and below
Zoho ManageEngine Asset Explorer versions 7002 and below
Zoho ManageEngine Cloud Security Plus versions 4161 and below
Zoho ManageEngine Data Security Plus versions 6110 and below
Zoho ManageEngine Eventlog Analyzer versions 12301 and below
Zoho ManageEngine Exchange Reporter Plus versions 5709 and below
Zoho ManageEngine Log360 versions 5315 and below
Zoho ManageEngine Log360 UEBA versions 4045 and below
Zoho ManageEngine M365 Manager Plus versions 4529 and below
Zoho ManageEngine M365 Security Plus versions 4529 and below
Zoho ManageEngine Recovery Manager Plus versions 6061 and below
Zoho ManageEngine ServiceDesk Plus versions 14204 and below
Zoho ManageEngine ServiceDesk Plus versions 14302 and below
Zoho ManageEngine ServiceDesk Plus MSP versions 14300 and below
Zoho ManageEngine SharePoint Manager Plus versions 4402 and below
Zoho ManageEngine Support Center Plus versions 14300 and below

Description

The issue allows an adversary to bypass two-factor authentication and take over the victim's account. A valid pair of username and password is required to leverage this issue. The vulnerability is related to 2FA bypass via a few TOTP authenticators.

Recommendations

For Zoho ManageEngine Active Directory 360 versions 4315 and below, update to a version above 4315.
For Zoho ManageEngine ADAudit Plus versions 7202 and below, update to a version above 7202.
For Zoho ManageEngine ADManager Plus versions 7200 and below, update to a version above 7200.
For Zoho ManageEngine Asset Explorer versions 6993 and below, update to a version above 6993.
For Zoho ManageEngine Asset Explorer versions 7002 and below, update to a version above 7002.
For Zoho ManageEngine Cloud Security Plus versions 4161 and below, update to a version above 4161.
For Zoho ManageEngine Data Security Plus versions 6110 and below, update to a version above 6110.
For Zoho ManageEngine Eventlog Analyzer versions 12301 and below, update to a version above 12301.
For Zoho ManageEngine Exchange Reporter Plus versions 5709 and below, update to a version above 5709.
For Zoho ManageEngine Log360 versions 5315 and below, update to a version above 5315.
For Zoho ManageEngine Log360 UEBA versions 4045 and below, update to a version above 4045.
For Zoho ManageEngine M365 Manager Plus versions 4529 and below, update to a version above 4529.
For Zoho ManageEngine M365 Security Plus versions 4529 and below, update to a version above 4529.
For Zoho ManageEngine Recovery Manager Plus versions 6061 and below, update to a version above 6061.
For Zoho ManageEngine ServiceDesk Plus versions 14204 and below, update to a version above 14204.
For Zoho ManageEngine ServiceDesk Plus versions 14302 and below, update to a version above 14302.
For Zoho ManageEngine ServiceDesk Plus MSP versions 14300 and below, update to a version above 14300.
For Zoho ManageEngine SharePoint Manager Plus versions 4402 and below, update to a version above 4402.
For Zoho ManageEngine Support Center Plus versions 14300 and below, update to a version above 14300.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2023-35785

Affected Products

Zoho Manageengine Adaudit Plus
Zoho Manageengine Admanager Plus
Zoho Manageengine Active Directory 360
Zoho Manageengine Assetexplorer
Zoho Manageengine Cloud Security Plus
Zoho Manageengine Datasecurity Plus
Zoho Manageengine Eventlog Analyzer
Zoho Manageengine Exchange Reporter Plus
Zoho Manageengine Log360
Zoho Manageengine M365 Manager Plus
Zoho Manageengine M365 Security Plus
Zoho Manageengine Recovery Manager Plus
Zoho Manageengine Servicedesk Plus
Zoho Manageengine Sharepoint Manager Plus
Zoho Manageengine Supportcenter Plus