How to mitigate the authentication bypass vulnerability in ADManager Plus?

An authentication bypass vulnerability (CVE-2021-42002) leading to a file-upload remote code execution in ManageEngine ADManager Plus has been addressed recently. This article explains the vulnerability and the steps to fix it.

What is the issue?

An authentication bypass vulnerability that could lead to a file-upload remote code execution.

Whom does it affect?

Users with ADManager Plus builds 7114 and earlier are affected.

What is the severity level of this vulnerability?

This is a critical vulnerability.

How to protect your ADManager Plus installation?

If you use ADManager Plus builds 7114 or earlier versions, please upgrade the product to the latest build by following these steps:

1. Shut down the product.
2. Restore from a previous backup, to undo unnecessary or unauthorized changes.
3. Update the product to the latest build, 7117. Download the service pack from here. You can download the complete build from here.
4. Restart ADManager Plus.

Support:

If you need additional information, face issues in performing the recommended steps, or need help in upgrading your instance to the latest build, please write to us at support@admanagerplus.com. You can also call us at +1-312-471-2233 (toll-free).