CVE-2023-32783 - Incorrect Authorization vulnerability in Zohocorp ManageEngine ADAudit Plus 7.1.1

CVSS 7.5 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE

Tags: network, low complexity, zohocorp, CWE-863

Summary

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."

Vulnerable Configurations

Part         Description  Count
Application  Zohocorp     1
OS           Microsoft    1

Common Weakness Enumeration (CWE)