Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539, in its ManageEngine ADSelfService Plus. The company also warns the vulnerability is already exploited in attacks in the wild.
The vulnerability resides in the REST API URLs in ADSelfService Plus and could lead to remote code execution (RCE).
“We have addressed an authentication bypass vulnerability affecting the REST API URLs in ADSelfService Plus. This article provides more information on the issue and how to resolve it.” reads the advisory published by the company. “This vulnerability allows an attacker to gain unauthorized access to the product through REST API endpoints by sending a specially crafted request. This would allow the attacker to carry out subsequent attacks resulting in RCE.”
“This is a critical issue. We are noticing indications of this vulnerability being exploited,” Zoho added.
The flaw affects ADSelfService Plus 6113 release and prior, the flaw was addressed with the release of build 6114 or later.
In order to determine if an install is vulnerable, it is possible to check the presence of the following string in the access log entries available in the \ManageEngine\ADSelfService Plus\logs folder:
US CISA also published a security advisory about the CVE-2021-40539 vulnerability.
“Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps.” reads CISA’s advisory “Additionally, CISA strongly urges organizations ensure ADSelfService Plus is not directly accessible from the internet.”
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Zoho)
[adrotate banner=”5″]
[adrotate banner=”13″]
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…
Interlock Ransomware 's attack on a defense contractor exposed global defense supply chain details, risking…
Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack…
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks…
This website uses cookies.
