CVE-2022-42904: Mitigate authenticated RCE vulnerability in ADManager Plus
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute commands in the proxy settings.
[FIXED] Authenticated RCE vulnerability - ManageEngine ADManager Plus
Vulnerability details
Severity: Medium
CVE ID: CVE-2022-42904
Affected software versions: Build 7151 and older
Fixed version: Build 7160
Fixed on: September 26, 2022
Details
ADManager Plus builds 7151 and older were reported to have an authenticated remote code execution vulnerability. This has been fixed in build 7160; its release notes can be found here.
Impact
An authenticated user can remotely execute code on the machine where ADManager Plus is installed.
Steps to update
Update your ADManager Plus instance to its latest build by installing the service pack.
Acknowledgement
This issue was reported by George Koumettou via the Zoho Bug Bounty Program.
Request Support
Need further assistance? Fill this form, and we’ll contact you right away.