Headline
CVE-2021-42002: ADManager Plus's Release Notes For Highlights and Information about the Latest Release - Windows Active Directory and Exchange Management, Reporting, Delegation, Automation Tool
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
Related news
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.
*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.
*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.