Zoho · Zoho ManageEngine ADSelfService Plus · CVE-2024-0252
**Name of the Vulnerable Software and Affected Versions**
ManageEngine ADSelfService Plus versions 6401 and below
**Description**
The issue stems from improper handling in the load balancer component of ManageEngine ADSelfService Plus and can lead to remote code execution. Exploiting the vulnerability requires authentication. It is estimated that around 1,969 devices are potentially affected, located mainly in the United States, India, and other countries.
**Recommendations**
For ManageEngine ADSelfService Plus versions 6401 and below, update to a version above 6401 to resolve the issue.
As a temporary workaround, consider restricting access to the load balancer component until a patch is available.
Avoid using the vulnerable load balancer component in the affected API endpoints until the issue is resolved.