ADManager Plus security vulnerabilities
Read about ManageEngine's security policies, which extend to all its products.
This page lists the recently reported security vulnerabilities related to ADManager Plus.
- User enumeration without authentication
The Employee Search feature in ADManager Plus is enabled by default, so malicious users can exploit this and gain unauthorized access to the data.
For more information on this vulnerability and steps to address it, refer to this security advisory document.
- Unauthenticated change to integration system vulnerability
ADManager Plus had an integration system vulnerability that an attacker could exploit to introduce unauthenticated changes to product integrations.
To learn more about this issue and take steps to take to mitigate it, refer to this security advisory document.
New to ADSelfService Plus?
Related Articles
How to identify and combat unrestricted file upload, path traversal and broken authentication vulnerabilities in ADManager Plus
ADManager Plus builds have been reported to suffer unrestricted file upload, path traversal and broken authentication vulnerabilities, leading to potential unauthenticated remote code execution. For more information on these vulnerabilities and their ...How to integrate ADManager Plus with ServiceDesk Plus?
Objective: To integrate ADManager Plus with ServiceDesk Plus Solution: The ADManager Plus-ServiceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ...How to apply the service pack to update ADManager Plus
You can update ADManager Plus to a higher version by applying the appropriate service pack downloaded from this page. Note: If you have enabled High Availability, proceed with these steps after applying the service pack. Alternatively, if you have ...How to install an SSL certificate in ADManager Plus ?
Objective: To install SSL certificate in ADManager Plus Solution: Steps to apply an SSL certificate in ADManager Plus Enable SSL in the ADManager Plus client. Create a Certificate Signing Request (CSR). Issue the SSL certificate. Associate the ...Best practices to enhance the protection of ADManager Plus
This article lists some of the best practices that you can use to secure ADManager Plus. You can implement these recommendations, regardless of whether you choose to deploy the product on-premises or on the cloud. Modify the permissions of ADManager ...