← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-40539 — Actively Exploited: ManageEngine (Zoho)

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

CVE IDCVE-2021-40539
VendorZoho
ProductManageEngine
Vulnerability nameZoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Date added2021-11-03
Remediation due2021-11-17
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionZoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →