ADManager Plus security vulnerabilities
Read about ManageEngine's security policies, which extend to all its products.
Note: ADManager Plus releases backend patches to address any major vulnerabilities. You will be able to view these updates under the bell icon in the product console.
This page lists the recently reported security vulnerabilities related to ADManager Plus.
- User enumeration without authentication
Because the Employee Search feature in ADManager Plus is enabled by default, malicious users can exploit it to gain unauthorized access to the data.
For more information on this vulnerability and steps to address it, refer to this security advisory document.
- Unauthenticated change to integration system vulnerability
ADManager Plus had an integration system vulnerability that an attacker could exploit to introduce unauthenticated changes to product integrations.
To learn more about this issue and the steps to mitigate it, refer to this security advisory document.