The latest build of ADSelfService Plus, 6114, has been released. It fixes the authentication bypass vulnerability [CVE-2021-40539] and also brings new features and improvements. Below is a list of all the updates:
Security Issue Fix:
An authentication bypass vulnerability affecting REST API URLs, which could result in remote code execution, has now been fixed. [CVE-2021-40539]
Note: As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.
SAML SSO support for ServiceDesk Plus: ADSelfService Plus now supports single sign-on (SSO) to the on-premises version of ManageEngine ServiceDesk Plus.
Migrated from JavaPNS to Pushy library (v0.14.1) and from NotNoop to Pushy library (v0.14.1), for sending iOS notifications and pushing the mobile application respectively, when the MDM profile is installed.
How to update?
You can update to the latest build using the service pack. Instructions on how to install the service pack are also given on the page.