{"id":47382,"date":"2022-06-30T15:17:15","date_gmt":"2022-06-30T15:17:15","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/manageengine-adaudit-plus-vulnerability-network-takeover-data-exfiltration"},"modified":"2022-06-30T15:17:15","modified_gmt":"2022-06-30T15:17:15","slug":"critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/","title":{"rendered":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A critical vulnerability in Zoho\u2019s widely used compliance tool, ManageEngine ADAudit Plus, which monitors changes to Microsoft Active Directory, leaves endpoints vulnerable to unauthenticated users. A successful exploit could allow an attacker to take over an entire enterprise network, Horizon3.ai researchers warn.<\/p>\n<p>ADAudit Plus offers a path into an organization\u2019s workstations, servers, and file servers, giving IT admins access to a range of users, groups, permissions, and login credentials, as well as security policies.&nbsp;ADAudit Plus also enables users to collect security events from agents running on other machines in the domain through endpoints that agents use to upload events.<\/p>\n<p>The platform\u2019s ability to offer deep access into a company\u2019s internal IT ecosystem heightens the potential for a nightmare-scenario level of data exposure in the event of a breach. <\/p>\n<p>The <a href=\"https:\/\/www.manageengine.com\/products\/active-directory-audit\/cve-2022-28219.html\" target=\"_blank\" rel=\"noopener\">CVE-2022-28219<\/a> vulnerability enables malicious actors to easily take over a network for which they already have initial access. Malicious actors could exploit this vulnerability to deploy ransomware, exfiltrate sensitive business data, or disrupt business operations.<\/p>\n<p>They&nbsp;could also then go on to exploit XML External Entities (XXE), Java deserialization, and path traversal vulnerabilities to wreak additional havoc, according to an <a href=\"https:\/\/www.horizon3.ai\/red-team-blog-cve-2022-28219\/\" target=\"_blank\" rel=\"noopener\">in-depth analysis<\/a>&nbsp;this week&nbsp;by Horizon3.ai.<\/p>\n<h2 class=\"regular-text\">Inside the Vulnerability<\/h2>\n<p>Horizon3.ai discovered some of the ADAudit Plus endpoints used for reporting&nbsp;were unauthenticated.<\/p>\n<p>\u201cOne of the first things that stood out was the presence of a \/cewolf endpoint handled by the CewolfRenderer servlet in the third-party Cewolf charting library,\u201d the analysis states. \u201cThis is the same vulnerable endpoint from <a href=\"https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022\" target=\"_blank\" rel=\"noopener\">CVE-2020-10189<\/a>, reported against ManageEngine Desktop Central.\u201d<\/p>\n<p>It added,&nbsp;\u201cThis gave us a large attack surface to work with because there\u2019s a lot of business logic that was written to process these events. While looking for a file-upload vector, we found a path to trigger a blind XXE [XML External Entity injection]&nbsp;vulnerability in the ProcessTrackingListener class, which handles events containing Windows scheduled task XML content.\u201d<\/p>\n<p>The vulnerability was disclosed to Zoho in March, which released a new build, ADAudit Plus 7060, to fix the issue.&nbsp;The patch fixes the vulnerability by removing the \/cewolf endpoint altogether, instead using a secure version of DocumentBuilderFactoryin the ProcessingTrackingListener class and requiring authentication in the form of an agent GUID between agents and ADAudit Plus.<\/p>\n<h2 class=\"regular-text\">High Stakes, Plus&nbsp;Exploitation Difficult to Detect<\/h2>\n<p>Horizon3.ai chief architect Naveen Sunkavally explains that ManageEngine products are very common in the enterprise and have been favorite targets of attackers over the years.<\/p>\n<p>\u201cADAudit Plus is a tool that&#8217;s used for compliance and auditing, which is a common need for many companies spanning different verticals,\u201d he says. \u201cThis vulnerability has been found to be present in many types of environments, from healthcare and technology to construction and local governments.\u201d<\/p>\n<p>Just last fall, ManageEngine ADSelfService Plus, Desktop Central, and ServiceDesk Plus were all actively targeted by attackers using previously undisclosed zero days (CVE-2021-44515, CVE-2021-44077, and CVE-2021-40539) that are now part of the CISA Known Exploited Vulnerabilities (KEV)&nbsp;<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">list<\/a>.<\/p>\n<p>The latest vulnerability is easy to exploit without any prior knowledge and can yield the &#8220;keys to the kingdom,&nbsp; Sunkavally explains. To boot, exploitation is not that easy to detect because it makes use of the natural behavior of the ADAudit Plus application.<\/p>\n<p>\u201cADAudit Plus is an attractive target for attackers because it integrates with Active Directory and stores high-privileged domain user credentials,\u201d Sunkavally says.<\/p>\n<p>He notes an attacker with initial access to a compromised network could exploit this vulnerability to extract these high-privileged credentials, move laterally, and take over the entire network.<\/p>\n<p>\u201cWe&#8217;ve seen real-world environments where just exploiting this vulnerability alone is enough to take over the enterprise,\u201d Sunkavally adds. <\/p>\n<p>He advises businesses using ADAudit Plus to upgrade to build 7060 or later and ensure ADAudit Plus is configured with a dedicated service account with restricted privileges.<\/p>\n<p>\u201cThis vulnerability is not one to hold off on patching,\u201d he says. <\/p>\n<h2 class=\"regular-text\">Buggy ManageEngine Has History of Vulnerabilities <\/h2>\n<p>This is not the first time the ManageEngine suite was&nbsp;found to have vulnerabilities. Last September a <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/fbi-cisa-cgcyber-warn-of-apts-targeting-cve-2021-40539\" target=\"_blank\" rel=\"noopener\">joint advisory<\/a> from the FBI and CISA warned of APT attackers exploiting a critical authentication bypass vulnerability in ManageEngine ADSelfService Plus. <\/p>\n<p>While Zoho moved to fix the vulnerabilities, less than a month later Palo Alto Networks <a href=\"https:\/\/www.darkreading.com\/risk\/zoho-manageengine-flaw-highlights-risks-of-race-to-patch\" target=\"_blank\" rel=\"noopener\">issued a warning<\/a> that many companies are still vulnerable. <\/p>\n<p>Most recently, an elusive attack targeting SolarWinds&#8217; Orion network management software, dubbed <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/what-we-know-and-don-t-know-so-far-about-the-supernova-solarwinds-attack\" target=\"_blank\" rel=\"noopener\">the Supernova cyberattack<\/a>, exploited a ManageEngine flaw in the software running on a victim&#8217;s server.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/manageengine-adaudit-plus-vulnerability-network-takeover-data-exfiltration\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unauthenticated remote code execution vulnerability found in Zoho\u2019s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/manageengine-adaudit-plus-vulnerability-network-takeover-data-exfiltration\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-47382","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-30T15:17:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration\",\"datePublished\":\"2022-06-30T15:17:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/\"},\"wordCount\":772,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltbfb7c8f2ed642c56\\\/627ad8a5e9dae965bdbcb1dd\\\/Bug-KonstantinNechaev-Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/\",\"name\":\"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltbfb7c8f2ed642c56\\\/627ad8a5e9dae965bdbcb1dd\\\/Bug-KonstantinNechaev-Alamy.jpg\",\"datePublished\":\"2022-06-30T15:17:15+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltbfb7c8f2ed642c56\\\/627ad8a5e9dae965bdbcb1dd\\\/Bug-KonstantinNechaev-Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltbfb7c8f2ed642c56\\\/627ad8a5e9dae965bdbcb1dd\\\/Bug-KonstantinNechaev-Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/","og_locale":"en_US","og_type":"article","og_title":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-06-30T15:17:15+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration","datePublished":"2022-06-30T15:17:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/"},"wordCount":772,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/","url":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/","name":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg","datePublished":"2022-06-30T15:17:15+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltbfb7c8f2ed642c56\/627ad8a5e9dae965bdbcb1dd\/Bug-KonstantinNechaev-Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-manageengine-adaudit-plus-vulnerability-allows-network-takeover-mass-data-exfiltration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=47382"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/47382\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=47382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=47382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=47382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}