Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×
 
Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Security Updates

 
close-but
  • How do I find out my Build number?
  • 1 Log in to the ADAudit Plus web console, and click License in the top pane.
  • 2 You will find the build number mentioned below the product version. This is the current build number of ADAudit Plus.

close-but
  • How do I find my database type?
  • 1 Log in to the ADAudit Plus web console, and click the Support tab.
  • 2 On the Support Info tile, click More.
  • 3 Under Basic Check, click the Machine Details drop-down to find your Database type specified at the bottom.

    How do I find my database type?

Security advisory - ADAudit Plus Unauthenticated Remote Code Execution Vulnerability

CVEID: CVE-2022-28219

Severity: Critical

Affected Software Version(s): All ADAudit Plus builds below 7060 [How to find your build number]

Fixed Version(s): Build 7060

Fixed on: March 30, 2022

Details: ManageEngine ADAudit Plus had some vulnerable API endpoints that allowed an unauthenticated attacker to exploit XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. The chain could be leveraged to perform unauthenticated remote code execution. This issue has been fixed.

Impact: An unauthenticated attacker would be able to remotely execute an arbitrary code in the ADAudit Plus server.

Steps to upgrade: Update your ADAudit Plus instance to the latest version – 7065 – using the service pack.

Exploitation and Public Announcements: We are aware that a proof-of-concept exploit code is publicly available for the vulnerability described in this advisory.

How do I check if my installation is impacted?

Please use our exploit detection tool to identify whether your installation has been impacted by this vulnerability. You can download the tool here. Once you have downloaded it, follow these steps:

  1. Extract the file to the \ManageEngine\ADAudit Plus\bin folder.
  2. Right-click on the RCEScan.bat file, and select Run as administrator.
  3. A Command Prompt window will open and the tool will run a scan.
    • If your installation is impacted, you will get the following message:
      Attack vectors detected in your instance. Please upgrade to the latest version using the link https://www.manageengine.com/products/active-directory-audit/service-pack.html and contact support@adauditplus.com for further assistance.

      Please reach out to support@adauditplus.com with logs for further assistance if your ADAudit Plus set up is impacted.

    • If your installation is not impacted, you will get the following message:
      No attack vectors found in your instance. However, we strongly recommend that you upgrade to the latest version using this link: https://www.manageengine.com/products/active-directory-audit/service-pack.html

We strongly recommend that you update your ADAudit Plus installation to the latest version – 7065 – to mitigate this vulnerability.

Acknowledgments: This issue was reported by Naveen Sunkavally at Horizon3.ai.

Please contact support@adauditplus.com for more details.

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

  • Active Directory
  • File servers
  • Windows server
  • Workstation
  • Compliance
  • Related Products

A single pane of glass for complete Active Directory Auditing and Reporting

Free Trial Get Quote
Email Download Link