Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

The EPSS score is 0.94424.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Zohocorp
  • Manageengine Adselfservice Plus

Configuration 1 [-]

OR cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4510:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4511:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4520:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4522:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4531:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4540:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4543:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4544:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4550:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4560:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4570:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4571:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4572:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4580:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4590:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4591:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:4.5:4592:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5010:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5011:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5020:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5021:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5022:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5030:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5032:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5040:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0:5041:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5105:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5106:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5109:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5111:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5112:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5114:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5115:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.1:5116:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5200:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5204:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5205:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5206:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.2:5207:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5301:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5302:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5303:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5304:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5305:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5306:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5307:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5308:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5309:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5310:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5311:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5312:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5313:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5314:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5315:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5316:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5317:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5318:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5319:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5320:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5321:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5322:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5323:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5324:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5325:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5326:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5327:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5328:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5329:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.3:5330:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.4:5400:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5500:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5501:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5502:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5503:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5504:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5505:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5506:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5507:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5508:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5509:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5510:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5511:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5512:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5513:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5514:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5515:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5516:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5517:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5518:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5519:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5520:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.5:5521:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5601:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5602:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5603:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5604:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5605:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5606:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.6:5607:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5607:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5700:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5701:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5702:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5703:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5704:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5705:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5706:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5707:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5708:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5709:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.7:5710:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5800:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5801:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5802:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5803:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5804:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5805:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5806:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5807:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5808:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5809:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5810:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5811:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5812:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5813:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5814:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5815:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:5.8:5816:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6003:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6005:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6006:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6007:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6008:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6009:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6012:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.0:6013:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html cve-icon cve-icon
https://www.manageengine.com cve-icon cve-icon
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html cve-icon cve-icon
History

Mon, 03 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:38:01.724Z

Reserved: 2021-09-06T00:00:00.000Z

Link: CVE-2021-40539

cve-icon Vulnrichment

Updated: 2024-08-04T02:44:10.872Z

cve-icon NVD

Status : Analyzed

Published: 2021-09-07T17:15:07.367

Modified: 2025-07-30T19:10:23.040

Link: CVE-2021-40539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.