Support
 
PhoneGet Quote
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890

 
 

How to identify and mitigate the unauthenticated product integration vulnerability

Some versions of M365 Manager Plus have the unauthenticated change to integration system vulnerability. This article explains how you can identify if your M365 Manager Plus installation is affected, and fix it. It also offers the mitigation steps to protect your installation in case it is not affected.

What is the issue?

M365 Manager Plus had a vulnerable endpoint which allowed a user to integrate M365 Manager Plus with any other supported ManageEngine product, bypassing authentication. This could lead to data leak.

Which version of M365 Manager Plus is affected?

All M365 Manager Plus builds below 4333 are affected.

What is the severity level of the vulnerability?

This is a critical issue. As this vulnerability could be exploited without authentication, from any publicly exposed M365 Manager Plus installation, the risks posed could be critical.

Is there a fix for this issue?

Update the product to the latest build, 4334, using the service pack.

If you need further information, have any questions, or face any difficulties upgrading or performing the recommended steps, please get in touch with us at m365managerplus-support@manageengine.com, or +1-844-245-1108 (toll free).

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

A holistic Microsoft 365 administration solution