Affected Software Version(s): All ADAudit Plus builds below 7060
Fixed Version(s): Build 7060
Fixed on: 30th March, 2022
Details: ManageEngine ADAudit Plus had vulnerable endpoints that allowed an unauthenticated attacker to exploit XML External Entity (XXE), Java deserialization and path traversal vulnerabilities. These vulnerabilities could be chained to achieve unauthenticated remote code execution. This issue has been fixed.
Impact: An unauthenticated attacker would be able to remotely execute arbitrary code on the ADAudit Plus server.
Steps to upgrade: Update your ADAudit Plus instance to build 7060 using the service pack.
Acknowledgments: This issue was reported by Naveen Sunkavally at Horizon3.ai.
Please contact email@example.com for more details.