Zoho Manage Engine Password Manager Zero-Day addressed: Tenable Comment

Zoho addressed a critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform. Successful exploitation could result in remote code execution. There are over 2,000 ADSelfService Plus systems publicly accessible in the last several years, including 49 in India. Organisations are urged to apply patches immediately.

Below is a comment from Satnam Narang, staff research engineer, Tenable

“Zoho published a security advisory to address a critical authentication bypass vulnerability in its ADSelfService Plus solution that has been exploited in the wild as a zero-day. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to vulnerable REST API URL endpoints. Successful exploitation would result in remote code execution.

“Because ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps, an attacker that is able to exploit this vulnerability can leverage it to gain further foothold into an organisation.

“At the present moment, some research on ZoomEye suggests that there were over 2,000 ADSelfService Plus systems publicly accessible in the last several years, including 42 in Australia and 49 in India.

“It is important for organisations to apply the available patch immediately.” — Satnam Narang, staff research engineer, Tenable

Related posts

IceWarp Commands 60% Market Share in India’s Top Pharmaceutical & Healthcare Sector for its Enterprise Email and Collaboration Solutions

Google Gemini’s Deep Research Feature Now Live in 9 Indian Languages

Team Computers & HP Unveil The Future of High-performance Computing at The HP Z Series Event

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More