A java deserialization vulnerability and a blind XXE vulnerability allows unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.
This update fixes the module attack logic when launched in webapps RPT.
This update fixes the module attack logic when launched in webapps RPT.
CVE Link
Exploit Platform
Exploit Type
Product Name