CVE-2020-11518
10 August 2020
How I Bruteforced My Way Into Your Active Directory
Zoho ManageEngine ADSelfService Plus < 5815
Unauthenticated RCE via a chain of insecure Java deserialization, arbitrary file upload, and a bruteforceable API authentication key, giving an attacker full code execution on a server with deep Active Directory access.
