virus logo Client Application Firewall

ManageEngine.ADManager.Plus.LicenseAction.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Unrestricted File Upload Vulnerability in Zoho Corporation ManageEngine ADManager Plus.
The vulnerability is due to lack of validation of uploaded files in LicenseAction class. A remote authenticated attacker can exploit the vulnerability by sending crafted requests to the server. Successful exploitation could result in unrestricted file upload and remote code execution in the security context as SYSTEM.

affected-products-logoAffected Products

Zoho Corporation ManageEngine ADManager Plus before build 7111

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/ad-manager/release-notes.html#7111

Version Updates

Date Version Status Detail
2023-08-07 25.615
Modified
 Name:Zoho.
ME.
ADManager.
Plus.
LicenseAction.
Unrestricted.
File.
Upload:ManageEngine.
ADManager.
Plus.
LicenseAction.
File.
Upload
2022-03-14 20.275
New
ID 51240
Created Feb 23, 2022
Updated Aug 03, 2023
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 36.01%
Default Action drop
Affected OS Windows, Linux
Affected App Other
Profile Type Permission/Privilege/Access Control