Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Security Updates

[Fixed] Elevation of privilege vulnerability - ManageEngine ADManager Plus

Vulnerability Details
Severity High
CVE ID CVE-2024-24409
Affected software version 7203 and older
Fixed version 7210
Fixed on September 29, 2023

Details

The CVE-2024-24409 refers to an issue in ADManager Plus versions 7203 and older. The built-in help desk roles, specifically the Modify Computers role for managing custom attributes of computers, were misconfigured. This issue has been fixed in build 7210, and the release notes can be found here.

Impact

Technicians with the Modify Computers role were previously able to manage Additional Custom Attribute for computers in ADManager Plus due to misconfigured permissions. This issue has now been resolved by implementing proper access control mechanisms.

Steps to update

Update your ADManager Plus instance to its latest build by installing the service pack.

Acknowledgement

This vulnerability was reported by Metin.

 

Select a language to translate the contents of this web page:

Need further assistance?

Fill this form, and we'll contact you rightaway.

Request Support

  •  
  • *
     
  • *
     
  • *
     
  • By submitting you agree to processing of personal data according to the Privacy Policy.

"Thank you for submitting your request.

Our technical support team will get in touch with you at the earliest."

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Email Download Link email-download-top