Phone Live Chat
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

Knowledge Base

[FIXED] Authenticated RCE vulnerability - ManageEngine ADManager Plus

Vulnerability details
Severity Low
CVE ID CVE-2022-42904
Affected software versions Build 7151 and older
Fixed version Build 7160
Fixed on September 26, 2022


ADManager Plus builds 7151 and older were reported to have an authenticated remote code execution vulnerability. This has been fixed in the build 7160; its release notes can be found here.


An authenticated user with admin privileges can remotely execute codes on the machine where ADManager Plus is installed.

Steps to update

Update your ADManager Plus instance to its latest build by installing the service pack.


This issue was reported by George Koumettou via the Zoho Bug Bounty Program.


Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  • Email*
  • Phone Number
  • Country
  • Problem Description
    By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

Select a language to translate the contents of this web page:

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Email Download Link