The ManageEngine Log360 running on the remote host is affected by a security restriction bypass vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the remote host.

Binary data manageengine_log360_cve-2021-40539.nbin

VendorProductVersionCPE
zohocorpmanageengine_log360cpe:/a:zohocorp:manageengine_log360

Vendor	Product	Version	CPE
zohocorp	manageengine_log360		cpe:/a:zohocorp:manageengine_log360

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539

www.manageengine.com/log-management/readme.html

mmpc 2

cisa_kev 1

metasploit 1

zdt 1

threatpost 5

krebs 1

mssecure 2

cve 1

nessus 3

thn 9

checkpoint_advisories 1

prion 1

cisa 4

nuclei 1

ics 5

packetstorm 1

malwarebytes 5

githubexploit 2

attackerkb 1

rapid7blog 3

qualysblog 5

avleonov 2

mmpc

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

2021-11-09 00:24:55

Patch me if you can: Cyberattack Series

2023-06-29 16:00:00

cisa_kev

Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

2021-11-03 00:00:00

metasploit

ManageEngine ADSelfService Plus CVE-2021-40539

2021-11-24 01:05:09

zdt

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit

2021-11-27 00:00:00

threatpost

CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug

2021-09-16 21:09:23

Zoho Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer

2021-11-08 16:38:05

Zoho ManageEngine Password Manager Zero-Day Gets Fix

2021-09-09 12:58:48

krebs

Red Cross Hack Linked to Iranian Influence Operation?

2022-02-16 16:44:19

mssecure

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

2021-11-09 00:24:55

Patch me if you can: Cyberattack Series

2023-06-29 16:00:00

cve

CVE-2021-40539

2021-09-07 17:15:00

nessus

ManageEngine EventLog Analyzer < Build 12201 REST API Restriction Bypass RCE

2021-10-04 00:00:00

ManageEngine ADSelfService Plus < build 6114 REST API Authentication Bypass

2021-09-08 00:00:00

ManageEngine ADSelfServicePlus Authentication Bypass (CVE-2021-40539)

2021-11-08 00:00:00

thn

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

2021-11-08 14:39:00

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks

2023-06-26 05:51:00

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

2021-12-03 05:24:00

checkpoint_advisories

Zoho ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539)

2021-11-14 00:00:00

prion

Authentication flaw

2021-09-07 17:15:00

cisa

Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

2021-11-09 00:00:00

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

2021-09-16 00:00:00

Zoho Releases Security Update for ADSelfService Plus

2021-09-07 00:00:00

nuclei

Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution

2021-09-16 04:07:34

ics

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

2021-11-22 12:00:00

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

2023-05-24 12:00:00

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-06 12:00:00

packetstorm

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution

2021-11-27 00:00:00

malwarebytes

FBI and CISA warn of APT groups exploiting ADSelfService Plus

2021-09-17 13:48:46

Security vulnerabilities: 5 times that organizations got hacked

2022-06-21 10:04:02

2022's most routinely exploited vulnerabilities—history repeats

2023-08-07 18:30:00

githubexploit

Exploit for Improper Authentication in Zohocorp Manageengine Adselfservice Plus

2021-09-17 02:51:40

Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine Adselfservice Plus

2021-11-03 14:49:27

attackerkb

CVE-2021-40539

2021-09-07 00:00:00

rapid7blog

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

2021-11-09 16:59:41

Metasploit Wrap-Up

2021-11-26 17:21:03

What's New in InsightVM: Q3 2021 in Review

2021-10-08 13:30:00

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-07 20:03:01

avleonov

Vulnerability Management news and publications #2

2022-08-14 11:30:44

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for MANAGEENGINE_LOG360_CVE-2021-40539.NBIN