How to identify and combat unrestricted file upload, path traversal and broken authentication vulnerabilities in ADManager Plus

ADManager Plus builds below 7111 have been reported to suffer from unrestricted file upload, path traversal and broken authentication vulnerabilities, which together allow unauthenticated remote code execution. For details on these vulnerabilities and their respective CVE IDs, refer to the ADManager Plus build 7111 release notes. This article explains the issue and the steps to follow to secure your ADManager Plus instance.

What is the issue?

Unrestricted file upload and path traversal vulnerabilities in ManageEngine ADManager Plus allow an unauthenticated attacker to achieve remote code execution. An attacker who can reach the web console can run code of their choice on the server hosting ADManager Plus with the privileges of the product's service account (typically administrator/SYSTEM), without supplying any credentials.

Whom does it affect?

All installations running an ADManager Plus build below 7111.

What is the severity level of this vulnerability?

This is a critical vulnerability: it is reachable without authentication and results in code execution on the server.

How to prevent my instance from getting compromised?

To prevent your ADManager Plus installation from getting compromised, upgrade the product to the latest build (strongly recommended). If you cannot upgrade immediately, apply the mitigation steps below as an interim measure.

Option 1: Update your ADManager Plus

To update your ADManager Plus instance, download the latest service pack from the ADManager Plus service pack download page and follow the installation instructions given there.

Option 2: Follow these mitigation steps

Step 1: Disable SAML authentication. To do this, log in to your ADManager Plus console and go to Delegation > Configuration > Logon Settings > Single Sign On. Disable the 'Enable Single Sign-on with Active Directory' option and click Save.

Step 2: Stop ADManager Plus.

Step 3: Take a backup of web.xml from <ADManager Plus install directory>\webapps\adsm\WEB-INF.

Step 4: Add the snippet below to web.xml, immediately before the closing </web-app> tag:

<security-constraint>
    <web-resource-collection>
        <!-- A name is required by the servlet web.xml schema; any value will do -->
        <web-resource-name>ADMP-Mitigation</web-resource-name>
        <!-- Request paths covered by this constraint (Tomcat matches these
             case-sensitively against the context-relative request path) -->
        <url-pattern>/WC/*</url-pattern>
        <url-pattern>/RestAPI/SmartCard/*</url-pattern>
        <url-pattern>/ADMPSmartCardConfig.do</url-pattern>
        <url-pattern>/RestAPI/WC/SmartCard/*</url-pattern>
        <url-pattern>/SmartCardConfig.do</url-pattern>
        <url-pattern>/RestAPI/WC/NotificationTemplate/attachFiles/*</url-pattern>
        <url-pattern>/ModifyUserPhoto.do</url-pattern>
        <url-pattern>/RestAPI/WC/PasswordExpiryNotification/*</url-pattern>
        <url-pattern>/RestAPI/WC/Personalize/*</url-pattern>
        <url-pattern>/RestAPI/WC/License/*</url-pattern>
        <url-pattern>/ChangeDBAPI.do</url-pattern>
        <url-pattern>/servlet/ProductConfig/*</url-pattern>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <!-- An empty auth-constraint permits no role at all, so Tomcat rejects
         every request to the paths above with HTTP 403 before it reaches
         the application code -->
    <auth-constraint />
</security-constraint>

Step 5: Start ADManager Plus.
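The following PowerShell script is an added example that automates Steps 2 to 5 on a Windows server and then checks that the constraint is in force; it is not ManageEngine's code and does not ship with the product. It assumes the install directory, the Windows service name and the console URL given as parameter defaults (the port 8080 default is the product's default HTTP port; the service name and path should be confirmed with Get-Service and Explorer before running). The post-check relies on Tomcat answering a request matched by a security constraint with an empty <auth-constraint/> with HTTP 403, so every probed path should report 403.

```powershell
# Added example (not vendor code): apply the web.xml mitigation and verify it.
# Assumptions, adjust for your environment:
#   $InstallDir  - ADManager Plus installation folder (assumed default)
#   $ServiceName - Windows service name of ADManager Plus (assumed; check Get-Service)
#   $BaseUrl     - console URL; 8080 is the product's default HTTP port
param(
    [string]$InstallDir  = 'C:\ManageEngine\ADManager Plus',
    [string]$ServiceName = 'ManageEngine ADManager Plus',
    [string]$BaseUrl     = 'http://localhost:8080'
)
$ErrorActionPreference = 'Stop'

$webXml = Join-Path $InstallDir 'webapps\adsm\WEB-INF\web.xml'
if (-not (Test-Path $webXml)) { throw "web.xml not found at $webXml" }

# Step 2: stop the product (Stop-Service blocks until the service has stopped)
Stop-Service -Name $ServiceName

# Step 3: timestamped backup next to the original
$backup = "$webXml.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $webXml -Destination $backup
Write-Host "Backup written to $backup"

# Step 4: insert the constraint before </web-app>, unless it is already there
$content = Get-Content -Path $webXml -Raw -Encoding UTF8
if ($content -notmatch 'url-pattern>/RestAPI/SmartCard/\*<') {
    $constraint = @'
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ADMP-Mitigation</web-resource-name>
        <url-pattern>/WC/*</url-pattern>
        <url-pattern>/RestAPI/SmartCard/*</url-pattern>
        <url-pattern>/ADMPSmartCardConfig.do</url-pattern>
        <url-pattern>/RestAPI/WC/SmartCard/*</url-pattern>
        <url-pattern>/SmartCardConfig.do</url-pattern>
        <url-pattern>/RestAPI/WC/NotificationTemplate/attachFiles/*</url-pattern>
        <url-pattern>/ModifyUserPhoto.do</url-pattern>
        <url-pattern>/RestAPI/WC/PasswordExpiryNotification/*</url-pattern>
        <url-pattern>/RestAPI/WC/Personalize/*</url-pattern>
        <url-pattern>/RestAPI/WC/License/*</url-pattern>
        <url-pattern>/ChangeDBAPI.do</url-pattern>
        <url-pattern>/servlet/ProductConfig/*</url-pattern>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
'@
    $idx = $content.LastIndexOf('</web-app>')
    if ($idx -lt 0) { throw 'No </web-app> closing tag found in web.xml' }
    $content = $content.Insert($idx, $constraint + "`r`n")
    # Make sure the edited file still parses as XML before writing it back
    $null = [xml]$content
    [IO.File]::WriteAllText($webXml, $content, [Text.UTF8Encoding]::new($false))
    Write-Host 'Security constraint added to web.xml'
} else {
    Write-Host 'Security constraint already present, web.xml left unchanged'
}

# Step 5: start the product and give the web application time to deploy
Start-Service -Name $ServiceName
Start-Sleep -Seconds 60

# Post-check: unauthenticated requests to the constrained paths must return 403.
# Tomcat enforces the constraint before any application filter or servlet runs.
$probes = '/ModifyUserPhoto.do', '/RestAPI/WC/SmartCard/x',
          '/ChangeDBAPI.do', '/WC/anything', '/index.jsp'
foreach ($p in $probes) {
    try {
        $r = Invoke-WebRequest -Uri "$BaseUrl$p" -UseBasicParsing
        Write-Warning "$p returned HTTP $($r.StatusCode): constraint NOT effective"
    } catch {
        $code = $_.Exception.Response.StatusCode.value__
        if ($code -eq 403) { Write-Host "$p -> 403 (blocked)" }
        else { Write-Warning "$p returned HTTP $code, expected 403" }
    }
}
```

Run the script from an elevated PowerShell session on the ADManager Plus server. If any probe prints a warning, compare the patched web.xml against the snippet in Step 4 and check the Tomcat logs under the install directory for a parse error, then restore the backup if the product fails to start.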

The above mitigation steps might impact these functionalities in your instance:

  1. Smart card configuration (changing the smart card settings is blocked; smart card authentication that is already configured continues to work).
  2. Bulk modification of user photos.
  3. Scheduler notifications in the Microsoft 365 tab.
  4. Some integration configurations.
