ManageEngine ADAudit Plus is a security, auditing, and compliance solution for Windows. For Active Directory, Azure AD, file servers, Windows servers, and workstations, key features include thorough login auditing, detailed change tracking, real-time risk alerting, and automated compliance reporting.
Endpoints in ManageEngine ADAudit Plus are vulnerable and can allow an unauthenticated attacker to take advantage of XML External Entities (XXE), Java deserialization, and path traversal flaws. The chain could be used to execute unauthenticated remote codes.
Affected versions
Zoho ManageEngine ADAudit Plus versions Prior to build 7060 are affected by this vulnerability.
Mitigation
Customers are advised to update to Zoho ManageEngine ADAudit Plus build version 7060 to patch the vulnerability. For more information, customers can refer to the Zoho ManageEngine ADAudit Plus Security Advisory.
Qualys Detection
Qualys customers can scan their devices with QID 376525 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html