Some versions of ADAudit Plus have the unauthenticated change to integration system vulnerability. This article explains how you can identify if your ADAudit Plus installation is affected, and fix it. It also offers the mitigation steps to protect your installation in case it is not affected.
What is the issue?
ADAudit Plus had a vulnerable endpoint which allowed a user to integrate ADAudit Plus with any other supported ManageEngine product, bypassing authentication. This could lead to a data leak.
Which version of ADAudit Plus is affected?
All ADAudit Plus builds below 6052 are affected.
What is the severity level of the vulnerability?
This is a critical issue. As this vulnerability could be exploited without authentication from any publicly exposed ADAudit Plus installation, the risks posed could be critical.
Is there a fix for this issue?
Yes, simply update the product to the latest build, 6052, using this service pack.