ADManager Plus security advisory regarding unrestricted file upload, path traversal and broken authentication vulnerabilities (CVE-2021-37539)

ADManager Plus security advisory regarding unrestricted file upload, path traversal and broken authentication vulnerabilities (CVE-2021-37539)

Hi,
We wanted to let you know that unrestricted file upload, path traversal and broken authentication, leading to potential unauthenticated remote code execution (CVE-2021-37539), have been detected in ADManager Plus and we have fixed it build 7111. This article explains these issues and the steps to follow to secure your ADManager Plus instance.

What is the issue?

Unrestricted file upload, path traversal, and broken authentication vulnerabilities in the product allow unauthenticated remote code execution by an attacker. As a result, an attacker can execute any code of their choice on a remote machine with administrator/system privileges, without authentication.

 

Whom does it affect?

All users using ADManager Plus versions below 7111.

 

What is the severity level of this vulnerability?

The is a critical vulnerability.

 

How to prevent my instance from getting compromised?

We strongly recommend that you upgrade to the latest build, 7111. You can download the service pack from here, or get the complete build from here. If for any reason you cannot upgrade immediately, perform the following mitigation steps now, and upgrade to the latest build at the earliest possible.


Step 1: Disable SAML Authentication. To do this, login to your ADManager Plus console and go to Delegation > Configuration > Logon Settings > Single Sign On. Disable the 'Enable Single Sign-on with Active Directory' option and click Save.

 

Step 2: Stop ADManager Plus.

 

Step 3: Take a backup of web.xml from ADManager Plus\webapps\adsm\WEB-INF.

 

Step 4: Add the below snippet in web.xml before </web-app>

 

<security-constraint>

    <web-resource-collection>

        <url-pattern>/WC/*</url-pattern>

        <url-pattern>/RestAPI/SmartCard/*</url-pattern>

        <url-pattern>/ADMPSmartCardConfig.do</url-pattern>

        <url-pattern>/RestAPI/WC/SmartCard/*</url-pattern>

        <url-pattern>/SmartCardConfig.do</url-pattern>

        <url-pattern>/RestAPI/WC/NotificationTemplate/attachFiles/*</url-pattern>

        <url-pattern>/ModifyUserPhoto.do</url-pattern>

        <url-pattern>/RestAPI/WC/PasswordExpiryNotification/*</url-pattern>

        <url-pattern>/RestAPI/WC/Personalize/*</url-pattern>

        <url-pattern>/RestAPI/WC/License/*</url-pattern>

        <url-pattern>/ChangeDBAPI.do</url-pattern>

        <url-pattern>/servlet/ProductConfig/*</url-pattern>

        <url-pattern>*.jsp</url-pattern>

    </web-resource-collection>

    <auth-constraint />

</security-constraint>

 

 

Step 5: Start ADManager Plus.

 

      Note: The above mitigation steps might impact these functionalities in your instance: 

      1) Smart card configuration (Smart card authentication feature will function normally).

      2) Bulk modification of photos.

      3) Scheduler notifications in the Microsoft 365 tab.

      4) Few integration configurations.

 

If you need any additional information or if you face any issues in performing the recommended steps, please get in touch with us right away.

Cheers,
Team ADManager Plus
Toll-Free: +1 888-720-9500