CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
| Software | From | Fixed in |
|---|---|---|
| zohocorp / manageengine_adselfservice_plus | 6.1-6100 | 6.1-6100.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6103 | 6.1-6103.x |
| zohocorp / manageengine_adselfservice_plus | 6.1 | 6.1.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6101 | 6.1-6101.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6102 | 6.1-6102.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6104 | 6.1-6104.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6105 | 6.1-6105.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6106 | 6.1-6106.x |
| zohocorp / manageengine_adselfservice_plus | 6.1-6113 | 6.1-6113.x |
| zohocorp / manageengine_adselfservice_plus | - | 6.1 |
- http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40539
- https://www.manageengine.com
- https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime