ADSelfService Plus 6114 Security Fix Release

ADSelfService Plus 6114 Security Fix Release

Hello Everyone,

The latest build of ADSelfService Plus, 6114, fixes an important vulnerability and introducing below feature and enhancement:

Security Issue Fix: 
  • An authentication bypass vulnerability affecting REST API URLs, that could result in Remote Code Execution, has now been fixed. [CVE-2021-40539]
            Severity: Critical
            Note: As we notice indications of exploitation of this vulnerability, customers are requested to update the software to the latest version as soon as possible.

Feature:
  • SAML SSO support for ServiceDesk Plus: ADSelfService Plus now supports single-sign on  (SSO) to the on-premises version of ManageEngine ServiceDesk Plus.
Enhancement:
  • Migrated from JavaPNS to Pushy library (v0.14.1) and from NotNoop to Pushy library (v0.14.1), for sending iOS notifications and  pushing the mobile application respectively, when the MDM profile is installed.

How to update?
Update using the service pack.

New to ADSelfService Plus?
Download the fully functional 30-day free trial now