Andreas

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions 7260 and below **Description** The issue is related to insufficient access control in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. This allows unauthorized local agent machine users to view session recordings of other users. **Recommendations** For Zoho ManageEngine ADAudit Plus versions 7260 and below, consider restricting access to session recordings until a patch is available. As a temporary workaround, limit the privileges of local agent machine users to prevent them from viewing sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADAudit Plus versions 7260 and below **Description** The issue is related to information disclosure in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information or modify the configuration of the software. It is reported that unauthorized local agent machine users can access sensitive information and modify the agent configuration. **Recommendations** For Zoho ManageEngine ADAudit Plus versions 7260 and below, update to a version above 7260 to resolve the issue. As a temporary workaround, consider restricting access to the agent configuration to minimize the risk of exploitation.