Description

ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud applications.

ManageEngine ADSelfService Plus builds 6113 and below have an authentication bypass vulnerability in REST API. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.

Remediation

Upgrade to the latest version of ManageEngine ADSelfService Plus

References

Security Advisory - CVE-2021-40539

Related Vulnerabilities

WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)

WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.20.0)

WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)

Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Security Bypass (1.7.14)

Severity

High

Classification

CVE-2021-40539 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Authentication Bypass