| Vulnerability details | |
|---|---|
| Severity | Medium |
| CVE ID | CVE-2023-35785 |
| Affected software versions | Build 4315 and older |
| Fixed version | Build 4316 |
| Fixed on | June 20, 2023 |

A security vulnerability, CVE-2023-35785, leading to the bypass of 2FA during AD360 login, was found and fixed in build 4316. Please find the latest release notes here.
An authenticated user with admin privileges can bypass 2FA to access critical resources and perform unauthorized actions using AD360.
Update your AD360 instance to its latest build by installing the service pack.
This issue was reported by dalt4sec through the Zoho BugBounty program.