Skip to main content

Vulnerabilities & Exploits

ManageEngine ADSelfService Plus - Remote Code Execution CVE-2021-40539

Severity
Vulnerability description
Not available
Risk description
Not available
Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation
Not available
References
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
Codename
Not available
Detectable with
Network Scanner
Scan engine
Sniper
Cisa Kev
Cybersecurity Infrastructure Security Agency (CISA) Yes
Exploitable with Sniper
Yes
CVE Published
Sep 1, 2021
Detection added at
Software Type
Password management
Vendor
ManageEngine
Product
ADSelfService Plus

Detect & validate this vulnerability

Go beyond surface scans. Get real validation with proprietary tools designed to prove what’s exploitable in your environment.

Compare paid plans See all tools