Unrated severityCISA KEVNVD Advisory· Published Sep 7, 2021· Updated Oct 21, 2025
CVE-2021-40539
CVE-2021-40539
Description
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine ADSelfService Plusdescription
- Range: <=6113
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.htmlmitrex_refsource_MISC
- www.manageengine.commitrex_refsource_MISC
- www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.htmlmitrex_refsource_MISC
News mentions
1- Ransomware Tactics, Techniques, and Procedures in a Shifting Threat LandscapeMandiant Threat Intelligence · Mar 16, 2026