CVE-2021-40539
CRITICAL | CISA KEV | 9.8
Description
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 9/7/2021
Last modified: 11/5/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Zoho
Product: ManageEngine
Vulnerability name: Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Date added to KEV: 2021-11-03
Remediation due date: 2021-11-17
Ransomware use: Known
Affected products
zohocorp:manageengine_adselfservice_plus
Weaknesses (CWE)
CWE-706
References
http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html (cve@mitre.org)
https://www.manageengine.com (cve@mitre.org)
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html (cve@mitre.org)
http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com (af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40539 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.