Today security researcher Bhadresh Patel from the Exploitdb site reported that ManageEngine AdSelfService has vulnerable parts like Unathenticated Remote Code Execution.
As the IT management division of Zoho Corporation, ManageEngine prioritizes
flexible solutions that work for all businesses, regardless of size or
budget.
ManageEngine crafts comprehensive IT management software with a focus on making your job easier. Our 90+ products and free tools cover everything your IT needs, at prices you can afford.
From network and device management to security and service desk software, we’re bringing IT together for an integrated, overarching approach to optimize your IT.
“A remote code execution vulnerability exists in ManageEngine ADSelfService. Plus Software when it does not properly enforce user privileges associated with Windows Certificate Dialog. This vulnerability could allow an unauthenticated attacker to remotely execute commands with system level privileges on target windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability.”, Says the report.
To feel safe from using this software please make an urgent update!