Headline
CVE-2021-42287: Active Directory Domain Services Elevation of Privilege Vulnerability
Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?
See Authentication updates.
Related news
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.
*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.
*What type of information could be disclosed by this vulnerability?* Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap.
*What can cause this vulnerability?* The vulnerability occurs due to improper validation of cmdlet arguments. *Does the attacker need to be in an authenticated role in the Exchange Server?* Yes, the attacker must be authenticated.
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).