• How do I find out my Build number?
• 1 Log in to the ADAudit Plus web console, and click License in the top pane.
• 2 You will find the build number mentioned below the product version. This is the current build number of ADAudit Plus.
  
  

• How do I find my database type?
• 1 Log in to the ADAudit Plus web console, and click the Support tab.
• 2 On the Support Info tile, click More.
• 3 Under Basic Check, click the Machine Details drop-down to find your Database type specified at the bottom.
  
  

Security advisory - ADAudit Plus Unauthenticated Remote Code Execution Vulnerability

CVEID: CVE-2022-28219

Severity: Critical

Affected Software Version(s): All ADAudit Plus builds below 7060 [How to find your build number]

Fixed Version(s): Build 7060

Fixed on: March 30, 2022

Details: ManageEngine ADAudit Plus had some vulnerable API endpoints that allowed an unauthenticated attacker to exploit XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. The chain could be leveraged to perform unauthenticated remote code execution. This issue has been fixed.

Impact: An unauthenticated attacker would be able to remotely execute an arbitrary code in the ADAudit Plus server.

Steps to upgrade: Update your ADAudit Plus instance to the latest version – 7065 – using the service pack.

Exploitation and Public Announcements: We are aware that a proof-of-concept exploit code is publicly available for the vulnerability described in this advisory.

How do I check if my installation is impacted?

Please use our exploit detection tool to identify whether your installation has been impacted by this vulnerability. You can download the tool here. Once you have downloaded it, follow these steps:

1. Extract the file to the \ManageEngine\ADAudit Plus\bin folder.
2. Right-click on the RCEScan.bat file, and select Run as administrator.
3. A Command Prompt window will open and the tool will run a scan.
   • If your installation is impacted, you will get the following message:
     Attack vectors detected in your instance. Please upgrade to the latest version using the link https://www.manageengine.com/products/active-directory-audit/service-pack.html and contact support@adauditplus.com for further assistance.

     Please reach out to support@adauditplus.com with logs for further assistance if your ADAudit Plus set up is impacted.

   • If your installation is not impacted, you will get the following message:
     No attack vectors found in your instance. However, we strongly recommend that you upgrade to the latest version using this link: https://www.manageengine.com/products/active-directory-audit/service-pack.html

We strongly recommend that you update your ADAudit Plus installation to the latest version – 7065 – to mitigate this vulnerability.

Acknowledgments: This issue was reported by Naveen Sunkavally at Horizon3.ai.

Please contact support@adauditplus.com for more details.