CVE-2021-38298: ADManager Plus's Release Notes For Highlights and Information about the Latest Release - Windows Active Directory and Exchange Management, Reporting, Delegation, Automation Tool

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.

*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.

*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.

An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.

ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4