11.10.2021

ManageEngine ADSelfService Plus Security Update

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 11/10/2021

Action Level - Critical

Description

MCNC would like to make you aware of a vulnerability affecting the ADSelfService Plus tool offered by ManageEngine. This vulnerability affects builds 6113 and older and could allow an unauthenticated attacker to execute code remotely on a vulnerable server. There are multiple reports of this vulnerability being exploited in targeted attacks. ManageEngine recommends immediate patching of vulnerable systems in addition to utilizing exploit detection tools to check for system compromise.

Affected Software

  • ManageEngine ADSelfService Plus - Build 6113 and older

Attack Vector

An attacker with remote access to a vulnerable server.

Attack Feasibility

There are reports that this issue is being actively exploited in targeted attacks.

Mitigations

There are no known mitigations or workarounds to address this vulnerability.

Remediation

ManageEngine has released build 6114 to remediate this vulnerability. They also provide multiple tools to verify whether your system has been compromised using this vulnerability in their security advisory. ManageEngine recommends updating to a fixed build and following steps to check for system compromise as soon as possible. 

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC