ADSelfService Plus 6104 released with an important security fixes

ADSelfService Plus 6104 released with an important security fixes

Hello everyone,

We are glad to announce the release of build 6104 with the following vulnerability issue fixes:

Vulnerability issue fixes:
  • A vulnerability that in rare cases allowed bypassing CAPTCHA in the ADSelfService Plus login page has been fixed.
  • A rare Cross-Site Scripting attack vulnerability in the e-mail address field used in the employee search feature has been fixed. (Reporter: Matt CVE-ID: CVE-2021-27956))
  • A vulnerability that in rare cases can cause Reflected Cross-Site Scripting attacks has been fixed.
  • A vulnerability that in rare cases let attackers expose information about the database application configured for password sync has been fixed [CVE-2021-31874].
  • A vulnerability that in rare cases let attackers bypass the ADSelfService Plus' admin portal access restriction based on IP addresses has been fixed.
How to update?
Update using the service pack.

New to ADSelfService Plus?
Download  the fully functional 30-day free trial now.

Regards,
ADSelfService Plus Team
Toll Free: +1-84-245-1104
Direct: +1-408-916-9890