Security Updates

[CVE-2022-28219] Unauthenticated Remote Code Execution vulnerability fixed in build 7060

Severity: Critical

CVEID: CVE-2022-28219

Affected Software Version(s): All ADAudit Plus builds below 7060

Fixed Version(s): Build 7060

Fixed on: 30th March, 2022

Details: ManageEngine ADAudit Plus had vulnerable endpoints that allowed an unauthenticated attacker to exploit XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. Chained together, these could be leveraged to achieve unauthenticated remote code execution. This issue has been fixed.

Impact: An unauthenticated attacker would be able to remotely execute arbitrary code on the ADAudit Plus server.

Steps to upgrade: Update your ADAudit Plus instance to build 7060 using the service pack.

Acknowledgments: This issue was reported by Naveen Sunkavally at Horizon3.ai.

Please contact support@adauditplus.com for more details.
