Headline
CVE-2023-38743: Authenticated RCE vulnerability in ADManager Plus
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
Vulnerability details
Severity
Low
CVE ID
CVE-2023-38743
Affected software versions
Build 7188 and older
Fixed version
Build 7200
Fixed on
June 13, 2023
Details
An authenticated RCE vulnerability was reported in ADManager Plus builds 7188 and older. It has been fixed in build 7200, and the release notes for that build can be found here.
Impact
Authenticated users with admin privileges can run arbitrary commands on the host machine on which ADManager Plus is installed.
Steps to update
Update your ADManager Plus instance to the latest build by installing the service pack.
Acknowledgement
This issue was reported anonymously by a user on Trend Micro’s Zero Day Initiative Published Advisories website.