Wiz
Vulnerability DatabaseCVE-2023-38332

CVE-2023-38332
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation

Overview

Zoho ManageEngine ADManager Plus through version 7201 contains a security vulnerability (CVE-2023-38332) that allows authenticated users to take over another user's account through sensitive information disclosure. The vulnerability was discovered and reported by dalt4sec via Zoho's Bug Bounty program and was fixed in build 7202 released on July 01, 2023 (Vendor Advisory).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, requires no user interaction, and can result in high confidentiality impact (NVD).

Impact

The vulnerability allows 2FA-enabled technicians to gain unauthorized access to other privileged accounts by crafting an API request, potentially compromising the security of privileged user accounts in the system (Vendor Advisory).

Mitigation and workarounds

Organizations using affected versions of ADManager Plus should immediately update their installation to build 7202 or later by installing the service pack. This update addresses the vulnerability and prevents unauthorized account access (Vendor Advisory).

Additional resources

SourceThis report was generated using AI

Related Zoho ManageEngine ADManager Plus vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-10020HIGH8.8
  • Zoho ManageEngine ADManager PlusZoho ManageEngine ADManager Plus
  • cpe:2.3:a:zohocorp:manageengine_admanager_plus
NoNoOct 21, 2025
CVE-2024-24409HIGH8.8
  • Zoho ManageEngine ADManager PlusZoho ManageEngine ADManager Plus
  • cpe:2.3:a:zohocorp:manageengine_admanager_plus
NoNoNov 08, 2024
CVE-2024-48878HIGH8.8
  • Zoho ManageEngine ADManager PlusZoho ManageEngine ADManager Plus
  • cpe:2.3:a:zohocorp:manageengine_admanager_plus
NoNoNov 04, 2024
CVE-2023-6105MEDIUM5.5
  • Zoho ManageEngine ServiceDesk PlusZoho ManageEngine ServiceDesk Plus
  • cpe:2.3:a:zohocorp:manageengine_pam360
NoYesNov 15, 2023
CVE-2025-11670MEDIUM4.3
  • Zoho ManageEngine ADManager PlusZoho ManageEngine ADManager Plus
  • cpe:2.3:a:zohocorp:manageengine_admanager_plus
NoYesDec 15, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo