CVE-2023-31492

Summary

CVE	CVE-2023-31492
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-08-17 23:15:00 UTC
Updated	2023-08-23 18:09:00 UTC
Description	Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.

Risk And Classification

Problem Types: CWE-522

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Admanager Plus	All	All	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	-	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7100	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7101	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7102	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7110	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7111	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7112	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7113	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7114	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7115	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7116	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7117	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7118	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7120	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7121	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7122	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7123	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7124	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7125	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7126	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7130	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7131	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7140	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7141	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7150	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7151	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7160	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7161	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7162	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7163	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7170	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7171	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7180	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7181	All	All
Application	Zohocorp	Manageengine Admanager Plus	7.1	7182	All	All

References

Reference	Source	Link	Tags
ADManager Plus Build 7180 - Recovery Password Disclosure - ZVE-2023-0176 - CVE-2023-31492	MISC	github.com
Information Disclosure Vulnerability in ADManager Plus \| CVE-2023-31492	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.