Security Advisory - M365 Manager Plus versions 4420 and below

Hello everybody!

We have fixed an authentication bypass vulnerability leading to remote code execution through arbitrary file upload (CVE-2021-42099), reported by moon. This article provides more information on the issue and how to resolve it.

What is the issue?
  • An authentication bypass vulnerability leading to remote code execution through arbitrary file upload (CVE-2021-42099).
What is the severity of this issue?
  • This is a critical issue.
Which versions of M365 Manager Plus are affected?
  • M365 Manager Plus builds up to 4421 are affected.
How does it impact M365 Manager Plus customers?
  • The authentication bypass vulnerability allows an attacker to upload an arbitrary file and execute it on the product server. So far, no customers have been affected by this issue.
What should I do if my installation is affected?
  • Update M365 Manager Plus to the latest build, 4425, using the service pack.
If you need further information, have any questions, or face any difficulties updating M365 Manager Plus, please get in touch with us at m365managerplus-support@manageengine.com, or +1-408-916-9836 (toll free).
