logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-40539

Description

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. **Recent assessments:** **ccondon-r7** at November 08, 2021 3:18pm UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this vulnerability in the wild. Sounds like coin miners are the payload so far. **wvu-r7** at September 15, 2021 8:54am UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this vulnerability in the wild. Sounds like coin miners are the payload so far. Assessed Attacker Value: 5 Assessed Attacker Value: 5Assessed Attacker Value: 5


Related