Headline
CVE-2021-37925: ADManager Plus's Release Notes For Highlights and Information about the Latest Release - Windows Active Directory and Exchange Management, Reporting, Delegation, Automation Tool
Zoho ManageEngine ADManager Plus version 7110 and prior has a post-authentication OS command injection vulnerability.
Related news
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.
*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.
*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.
An issue in /showReports.do in Zoho ManageEngine Applications Manager up to 14550 allows attackers to gain escalated privileges via the resourceid parameter.
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file upload, which leads to remote code execution.
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter.
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4