CVE-2021-40539 — Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to RES... | CVE Daily

Critical CVSS 9.8

Overview

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

CWE: CWE-706 Published: 2021-09-07T17:15:07.367

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: rce, unauth_access (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags