How to fix the unauthenticated product integration vulnerability

Hello Everyone,

We wanted to let you know that a security vulnerability was detected in AD360 and we have fixed it. This article explains how you can fix this issue.

What is the issue?

AD360 had a vulnerable endpoint which allowed a user to integrate AD360 with any other supported ManageEngine product, bypassing authentication. This could lead to data leak.

Which version of AD360 is affected?

All AD360 builds below 4228 are affected.

What is the severity level of the vulnerability?

This is a critical issue. As this vulnerability could be exploited without authentication, from any publicly exposed AD360 installation, the risks posed could be critical.

How do I fix this issue?

Update the product to the latest build, 4228, using the service pack.

If you need further information, have any questions, or face any difficulties upgrading or performing the recommended steps, please get in touch with us at ad360-support@manageengine.com, or 1-844-245-1108 (toll free).