ManageEngine ADSelfService Plus Security Update
Date of Notice: 11/10/2021
Action Level - Critical
MCNC would like to make you aware of a vulnerability affecting the ADSelfService Plus tool offered by ManageEngine. This vulnerability affects builds 6113 and older and could allow an unauthenticated attacker to execute code remotely on a vulnerable server. There are multiple reports of this vulnerability being exploited in targeted attacks. ManageEngine recommends immediate patching of vulnerable systems in addition to utilizing exploit detection tools to check for system compromise.
- ManageEngine ADSelfService Plus - Build 6113 and older
An attacker with remote access to a vulnerable server.
There are reports that this issue is being actively exploited in targeted attacks.
There are no known mitigations or workarounds to address this vulnerability.
ManageEngine has released build 6114 to remediate this vulnerability. They also provide multiple tools to verify whether your system has been compromised using this vulnerability in their security advisory. ManageEngine recommends updating to a fixed build and following steps to check for system compromise as soon as possible.