How to fix the unauthenticated product integration vulnerability
We wanted to let you know that a security vulnerability was detected in AD360 and we have fixed it. This article explains how you can fix this issue.
What is the issue?
- AD360 had a vulnerable endpoint which allowed a user to integrate AD360 with any other supported ManageEngine product, bypassing authentication. This could lead to data leak.
Which version of AD360 is affected?
- All AD360 builds below 4228 are affected.
What is the severity level of the vulnerability?
- This is a critical issue. As this vulnerability could be exploited without authentication, from any publicly exposed AD360 installation, the risks posed could be critical.
How do I fix this issue?
- Update the product to the latest build, 4228, using the service pack.