PT-2023-26367 · Zoho · Zoho Manageengine Admanager Plus
Dalt4Sec
·
Published
2023-08-04
·
Updated
2023-08-09
·
CVE-2023-38332
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADManager Plus versions through 7201
Description
The issue allows authenticated users to take over another user's account via sensitive information disclosure. This can potentially lead to unauthorized access and control of user accounts.
Recommendations
For versions through 7201, update to a version that contains a fix for this issue to prevent sensitive information disclosure and unauthorized account takeovers.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zoho Manageengine Admanager Plus