ADManager Plus security vulnerabilities

ADManager Plus security vulnerabilities

Read about ManageEngine's security policies, which extend to all its products.

Note: ADManager Plus releases backend patches to address any major vulnerabilities. You will be able to view these updates under the bell icon in the product console.

This page lists the recently reported security vulnerabilities related to ADManager Plus.

  • User enumeration without authentication

    The Employee Search feature in ADManager Plus is enabled by default, so malicious users can exploit this and gain unauthorized access to the data.

    For more information on this vulnerability and steps to address it, refer to this security advisory document.

  • Unauthenticated change to integration system vulnerability

    ADManager Plus had an integration system vulnerability that an attacker could exploit to introduce unauthenticated changes to product integrations.

    To learn more about this issue and take steps to take to mitigate it, refer to this security advisory document.


                  New to ADSelfService Plus?