CVE-2023-32783

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-863
View all →

Vulnerability Description

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour."

Related Vulnerabilities

CVE-2006-6679

HIGH
CVSS:7.5(High)

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by sp...

CWE-8632006

CVE-2008-4577

HIGH
CVSS:7.5(High)

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

CWE-8632008

CVE-2011-2726

HIGH
CVSS:7.5(High)

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual...

CWE-8632011

CVE-2012-2238

HIGH
CVSS:7.5(High)

trytond 2.4: ModelView.button fails to validate authorization

CWE-8632012

CVE-2012-3822

HIGH
CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.

CWE-8632012