CVE-2021-37927
Description
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoho ManageEngine ADManager Plus versions 7110 and prior allow account takeover via SSO.
Vulnerability
Zoho ManageEngine ADManager Plus version 7110 and prior contains an unspecified vulnerability that allows account takeover via Single Sign-On (SSO) [1]. The exact technical details are not disclosed, but the flaw exists in the SSO implementation.
Exploitation
An attacker can exploit this vulnerability without authentication by manipulating SSO requests, leading to unauthorized account access [1]. No user interaction is required beyond the attacker sending crafted requests to the vulnerable endpoint.
Impact
Successful exploitation allows an attacker to take over any user account in ADManager Plus, gaining full administrative control and access to sensitive directory information [1]. This compromises confidentiality, integrity, and availability of the system.
Mitigation
Zoho released ADManager Plus build 7111 to address this vulnerability [2]. Users should upgrade to build 7111 or later. No workarounds are available for unpatched versions.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zoho ManageEngine/ADManager Plus
- Range: <=7110
Patches
No patches discovered yet.
References
- www.manageengine.com (mitre, x_refsource_MISC)
- www.manageengine.com/products/ad-manager/release-notes.html (mitre, x_refsource_MISC)
- www.manageengine.com/products/self-service-password/release-notes.html (mitre, x_refsource_MISC)