9.8
CVE-2021-40539
- EPSS 94.42%
- Veröffentlicht 07.09.2021 17:15:07
- Zuletzt bearbeitet 30.07.2025 19:10:23
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4510
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4511
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4520
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4522
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4531
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4540
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4543
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4544
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4550
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4560
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4570
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4571
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4572
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4580
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4590
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4591
Zohocorp ≫ Manageengine Adselfservice Plus Version4.5 Update4592
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5000
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5001
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5002
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5010
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5011
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5020
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5021
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5022
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5030
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5032
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5040
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0 Update5041
Zohocorp ≫ Manageengine Adselfservice Plus Version5.0.6
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5100
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5101
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5102
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5103
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5104
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5105
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5106
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5107
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5108
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5109
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5110
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5111
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5112
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5113
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5114
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5115
Zohocorp ≫ Manageengine Adselfservice Plus Version5.1 Update5116
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5200
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5201
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5202
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5203
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5204
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5205
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5206
Zohocorp ≫ Manageengine Adselfservice Plus Version5.2 Update5207
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5300
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5301
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5302
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5303
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5304
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5305
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5306
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5307
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5308
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5309
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5310
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5311
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5312
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5313
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5314
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5315
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5316
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5317
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5318
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5319
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5320
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5321
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5322
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5323
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5324
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5325
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5326
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5327
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5328
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5329
Zohocorp ≫ Manageengine Adselfservice Plus Version5.3 Update5330
Zohocorp ≫ Manageengine Adselfservice Plus Version5.4 Update5400
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update-
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5500
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5501
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5502
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5503
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5504
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5505
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5506
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5507
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5508
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5509
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5510
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5511
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5512
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5513
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5514
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5515
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5516
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5517
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5518
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5519
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5520
Zohocorp ≫ Manageengine Adselfservice Plus Version5.5 Update5521
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5600
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5601
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5602
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5603
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5604
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5605
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5606
Zohocorp ≫ Manageengine Adselfservice Plus Version5.6 Update5607
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5607
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5700
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5701
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5702
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5703
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5704
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5705
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5706
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5707
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5708
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5709
Zohocorp ≫ Manageengine Adselfservice Plus Version5.7 Update5710
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update-
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5800
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5801
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5802
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5803
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5804
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5805
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5806
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5807
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5808
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5809
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5810
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5811
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5812
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5813
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5814
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5815
Zohocorp ≫ Manageengine Adselfservice Plus Version5.8 Update5816
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update-
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6000
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6001
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6002
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6003
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6004
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6005
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6006
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6007
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6008
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6009
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6012
Zohocorp ≫ Manageengine Adselfservice Plus Version6.0 Update6013
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update-
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6100
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6101
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6102
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6103
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6104
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6105
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6106
Zohocorp ≫ Manageengine Adselfservice Plus Version6.1 Update6113
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
SchwachstelleZoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.42% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-706 Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.