Issued: Wednesday, 29 September, 2021
Last Revision: Wednesday, 29 September, 2021
Vendor:
Product:
Severity Level:
Zoho ManageEngine ADSelfService Plus versions 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that could result in remote code execution (RCE).
This vulnerability allows an attacker to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. This would allow the attacker to carry out subsequent attacks resulting in RCE.
Organizations are advised to follow ManageEngine's recommendations to identify affected installations and to take the actions given for affected and unaffected ADSelfService Plus installations.
| CVE | Description | CVSS 3.0 Score |
| --- | --- | --- |
| CVE-2021-40539 | Authentication bypass vulnerability | 9.8 |

Table 1: Vulnerability details

| Vulnerability / CVE | Affected Product(s) |
| --- | --- |
| CVE-2021-40539 | ADSelfService Plus builds up to 6113 |

Table 2: Vulnerability Versions

Please refer to the references.
