CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*

History

21 Nov 2024, 07:45

Type Values Removed Values Added
Summary
  • (es) Zoho ManageEngine ServiceDesk Plus MSP anterior a 10611 y 13x anterior a 13004 es vulnerable a la omisión de autenticación cuando la autenticación LDAP está habilitada.
References () https://manageengine.com - Product () https://manageengine.com - Product
References () https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html - Vendor Advisory () https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html - Vendor Advisory

Information

Published : 2023-01-20 17:15

Updated : 2024-11-21 07:45


NVD link : CVE-2023-22964

Mitre link : CVE-2023-22964

CVE.ORG link : CVE-2023-22964


JSON object : View

Products Affected

zohocorp

  • manageengine_servicedesk_plus_msp
CWE
CWE-287

Improper Authentication