Loading
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found no evidence or detail of a security vulnerability."
Use CWE-306, Zohocorp vendor hub and Manageengine Adselfservice Plus product page to widen CVE-2023-35854 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-47966, CVE-2025-11250 and CVE-2022-36413 for nearby disclosures in the same product family.