ManageEngine.ADManager.Plus.PasswordExpiryAction.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Unrestricted File Upload Vulnerability in Zoho Corporation ManageEngine ADManager Plus.
The vulnerability is due to lack of validation of uploaded files in PasswordExpiryAction class. A remote authenticated attacker can exploit the vulnerability by sending crafted requests to the server. Successful exploitation could result in unrestricted file upload and remote code execution in the security context of SYSTEM.

affected-products-logoAffected Products

Zoho Corporation ManageEngine ADManager Plus before build 7113

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/ad-manager/release-notes.html#7113

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-08-03 25.614 Name:Zoho.
ME.
ADManager.
PasswordExpiryAction.
Unrestricted.
File.
Upload:ManageEngine.
ADManager.
Plus.
PasswordExpiryAction.
File.
Upload
2022-02-14 19.259 Default_action:pass:drop
2021-12-13 19.217