CVE-2023-31492

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md	Exploit Third Party Advisory
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html	Vendor Advisory
http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html
https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md	Exploit Third Party Advisory
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_admanager_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181::::::
	cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182::::::

History

21 Nov 2024, 08:01

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html -~~	() http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html -
References	~~() https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md - Exploit, Third Party Advisory~~	() https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md - Exploit, Third Party Advisory
References	~~() https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html - Vendor Advisory~~	() https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html - Vendor Advisory

13 Feb 2024, 23:15

Type	Values Removed	Values Added
References		() http://packetstormsecurity.com/files/177091/ManageEngine-ADManager-Plus-Recovery-Password-Disclosure.html -

23 Aug 2023, 18:09

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md -~~	(MISC) https://github.com/passtheticket/vulnerability-research/blob/main/manage-engine-apps/admanager-recovery-password-disclosure.md - Exploit, Third Party Advisory
References	~~(MISC) https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html -~~	(MISC) https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html - Vendor Advisory
First Time		Zohocorp manageengine Admanager Plus Zohocorp
CPE		cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:-:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:::::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7182:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7181:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:::::: cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-522

22 Aug 2023, 22:15

Type	Values Removed	Values Added
References		(MISC) https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-31492.html -
Summary	~~Incorrect access control in Zoho ManageEngine ADManager Plus Build 7180 allows unauthenticated attackers to view user passwords after executing backup or recovery operations on user accounts.~~	Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

17 Aug 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-17 23:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31492

Mitre link : CVE-2023-31492

CVE.ORG link : CVE-2023-31492

JSON object : View

Products Affected

zohocorp

manageengine_admanager_plus

CWE

CWE-522

Insufficiently Protected Credentials

6.5 /10