CVE-2021-40539

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score42.9920%

EPSS Percentile96.93th

PublishedSep 7, 2021

Last ModifiedNov 5, 2025

Vulnerability Description

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Affected Platforms (CPE)

📦

Zohocorp

Manageengine Adselfservice Plus

< 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

References & Advisories

🔗 http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

🔗 https://www.manageengine.com

🔗 https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

🔗 http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

🔗 https://www.manageengine.com

🔗 https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40539

Vulnerability Description

Affected Platforms (CPE)

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

References & Advisories

Related Vulnerabilities