Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 03 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:38:01.724Z

Reserved: 2021-09-06T00:00:00.000Z

Link: CVE-2021-40539

cve-icon Vulnrichment

Updated: 2024-08-04T02:44:10.872Z

cve-icon NVD

Status : Analyzed

Published: 2021-09-07T17:15:07.367

Modified: 2025-07-30T19:10:23.040

Link: CVE-2021-40539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.