Unrated severityCISA KEVNVD Advisory· Published Sep 7, 2021· Updated Oct 21, 2025
CVE-2021-40539
CVE-2021-40539
Description
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Affected products
1- Zoho/ManageEngine ADSelfService Plusdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.htmlmitrex_refsource_MISC
- www.manageengine.commitrex_refsource_MISC
- www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.