CVE-2021-40539

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score42.9920%

EPSS Percentile96.93th

Published2021年9月7日

Last Modified2025年11月5日

Vulnerability Description

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Affected Platforms (CPE)

📦

Zohocorp

Manageengine Adselfservice Plus

< 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

📦

Zohocorp

Manageengine Adselfservice Plus

= 6.1

References & Advisories

🔗 http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

🔗 https://www.manageengine.com

🔗 https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

🔗 http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

🔗 https://www.manageengine.com

🔗 https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40539

Vulnerability Description

Affected Platforms (CPE)

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

Manageengine Adselfservice Plus

References & Advisories

相关漏洞威胁