Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Security Updates
Active Directory Management » Security Updates

Local file disclosure vulnerability - ManageEngine ADManager Plus

Vulnerability details
Severity Low
CVE ID CVE- 2023-39912
Affected software versions Build 7202 and older
Fixed version Build 7203
Fixed on July 30, 2023

Details

ADManager Plus builds 7202 and older are reported to have a file disclosure vulnerability where an ADManager Plus help desk technician can read arbitrary files on the machine where ADManager Plus is installed. This has been fixed in the build 7203 and its release notes can be found here.

Impact

The built-in admin can read the arbitrary files on the machine in which ADManager Plus is installed.

Steps to update

Update your ADManager Plus instance to its latest build by installing the service pack.

Acknowledgement

This vulnerability was discovered by Son Nguyen from VNG Security while working with Trend Micro's Zero Day Initiative.

 

Select a language to translate the contents of this web page:

Need further assistance?

Fill this form, and we'll contact you rightaway.

Request Support

  •  
  • *
     
  • *
     
  • *
     
  • By submitting you agree to processing of personal data according to the Privacy Policy.

"Thank you for submitting your request.

Our technical support team will get in touch with you at the earliest."

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link email-download-top