Direct Inward Dialing: +1 408 916 9393
|CVE ID||CVE- 2023-35786|
|Affected software versions||Build 7182 and older|
|Fixed version||Build 7183|
|Fixed on||March 15, 2023|
ADManager Plus builds 7182 and older were reported to have an authenticated XML external entity injection vulnerability. This has been fixed in the build 7183; its release notes can be found here.
Authenticated administrators were able to perform XXE attacks and view files in servers running the affected product versions.
Update your ADManager Plus instance to its latest build by installing the service pack.
This issue was reported by r00t4dm via Zoho's Bug Bounty program.
Select a language to translate the contents of this web page:
Fill this form, and we'll contact you rightaway.
Our technical support team will get in touch with you at the earliest."