Primary

Context

ManageEngine ADManager Plus Path Traversal Vulnerability in User Management Module

Vulnerability

Patched

A path traversal vulnerability has been identified in ManageEngine ADManager Plus, affecting versions prior to 7230. This vulnerability allows authenticated users to create arbitrary folders on the ADManager Plus server and inject files into those folders. The issue has been addressed in version 7230, released on March 6, 2024.

Impact

Exploitation of this vulnerability could enable an authenticated user to create arbitrary directories on the ADManager Plus server and inject files into those directories.

Remediation

Users can update their ADManager Plus instance to the latest build by installing the available service pack.

Added: Jan 13, 2026, 2:37 PM

Updated: Jan 13, 2026, 2:37 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine ADManager Plus Path Traversal Vulnerability in User Management Module

Vulnerability

Impact

Remediation

Affected Products

ManageEngine ADManager Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating