ADManager Plus security vulnerabilities
Read about ManageEngine's security policies, which extend to all its products.
This page lists the recently reported security vulnerabilities related to ADManager Plus.
- User enumeration without authentication
The Employee Search feature in ADManager Plus is enabled by default, so malicious users can exploit this and gain unauthorized access to the data.
For more information on this vulnerability and steps to address it, refer to this security advisory document.
- Unauthenticated change to integration system vulnerability
ADManager Plus had an integration system vulnerability that an attacker could exploit to introduce unauthenticated changes to product integrations.
To learn more about this issue and take steps to take to mitigate it, refer to this security advisory document.
New to ADSelfService Plus?
Related Articles
How to identify and combat unrestricted file upload, path traversal and broken authentication vulnerabilities in ADManager Plus
ADManager Plus builds have been reported to suffer unrestricted file upload, path traversal and broken authentication vulnerabilities, leading to potential unauthenticated remote code execution. For more information on these vulnerabilities and their ...How to integrate ADManager Plus with ServiceDesk Plus
The ADManager Plus-SeviceDesk Plus integration allows administrators to perform Active Directory management operations directly from the ServiceDesk Plus console. Using the ServiceDesk Plus console, administrators or help desk technicians can perform ...ADManager Plus Best Practices
Best practices, 1.Please make sure that scheduled reports are configured in a proper time interval of atleast 5 minutes between each schedule. 2.Please check the list of scheduled reports and remove the unnecessary scheduled reports.(Login as the ...How to install ADManager Plus in AWS
Steps to install ADManager Plus in Amazon Web Services EC2 instance: Logon to your Amazon Web Services (AWS) account. Select the configured EC2 instance and click the connect button. Connect to your Windows instance using: RDP client by downloading ...How to update ADManager Plus' built-in PostgreSQL database
Steps to update your ADManager Plus instance's PostgreSQL database Stop ADManager Plus by navigating to Start > All Programs > ADManager Plus > Stop ADManager Plus. Note: If you have installed ADManager Plus as a Microsoft Windows service, stop the ...