ManageEngine ADAudit Plus has vulnerable endpoints that allowed an unauthenticated attacker to exploit XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. The chain could be leveraged to unauthenticated remote code execution.
