logo
DATABASE RESOURCES PRICING ABOUT US

ManageEngine ADSelfService Plus < build 6114 REST API Authentication Bypass

Description

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6114. It is, therefore, affected by an authentication bypass vulnerability affecting REST API URLs. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported build number.


Related