M365 Manager Plus 4417 Security Fix Release

Security Advisory 
  • We have fixed an authentication bypass vulnerability affecting a few REST API URLs used for integration in M365 Manager Plus. This article provides more information on the issue and how to resolve it.
What is the issue?
  • An authentication bypass vulnerability affected a few REST API URLs and allowed unauthenticated users to access certain REST APIs.
What is the severity of this issue?
  • This is a critical issue.
Which versions of M365 Manager Plus are affected?
  • M365 Manager Plus builds up to 4416 are affected.
How does it impact M365 Manager Plus customers?
  • By sending a specially crafted request, an attacker can gain unauthorized access to the product through the REST API endpoints that integrate ManageEngine M365 Manager Plus and ManageEngine AD360. This would allow the attacker to carry out subsequent attacks.
What should I do if my installation is affected?
  • Update M365 Manager Plus to the latest build, 4417, using the service pack.
If you need further information, have any questions, or face any difficulties updating M365 Manager Plus, please get in touch with us at m365managerplus-support@manageengine.com, or +1-408-916-9836 (toll free).