PT-2023-7423 · Zoho · Zoho ManageEngine ADManager Plus, Zoho ManageEngine ADSelfService Plus

Published: 2023-04-05 · Updated: 2023-04-12 · CVE-2023-28342

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADManager Plus (affected versions not specified)
Zoho ManageEngine ADSelfService Plus versions prior to 6218

Description
The issue is caused by insufficient input validation in the DomainUserSSPLogonAuth method of Zoho ManageEngine ADManager Plus, software for managing Active Directory services. A remote attacker can exploit it to cause a denial of service. The vulnerability is reachable through the Mobile App Authentication API.

Recommendations
For Zoho ManageEngine ADManager Plus, there is currently no information about a version that contains a fix for this vulnerability. For Zoho ManageEngine ADSelfService Plus versions prior to 6218, update to version 6218 or later to resolve the issue. As a temporary workaround, consider restricting access to the Mobile App Authentication API to reduce the risk of exploitation.

DoS

Resource Exhaustion

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-08460
CVE-2023-28342
ZDI-23-437

Affected Products

Zoho ManageEngine ADManager Plus
Zoho ManageEngine ADSelfService Plus