Lucene search

[email protected]NVD:CVE-2021-40539

HistorySep 07, 2021 - 5:15 p.m.

CVE-2021-40539

2021-09-0717:15:07

CWE-706

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

JSON

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Affected configurations

NVD

Node

zohocorpmanageengine_adselfservice_plusMatch4.54510

zohocorpmanageengine_adselfservice_plusMatch4.54511

zohocorpmanageengine_adselfservice_plusMatch4.54520

zohocorpmanageengine_adselfservice_plusMatch4.54522

zohocorpmanageengine_adselfservice_plusMatch4.54531

zohocorpmanageengine_adselfservice_plusMatch4.54540

zohocorpmanageengine_adselfservice_plusMatch4.54543

zohocorpmanageengine_adselfservice_plusMatch4.54544

zohocorpmanageengine_adselfservice_plusMatch4.54550

zohocorpmanageengine_adselfservice_plusMatch4.54560

zohocorpmanageengine_adselfservice_plusMatch4.54570

zohocorpmanageengine_adselfservice_plusMatch4.54571

zohocorpmanageengine_adselfservice_plusMatch4.54572

zohocorpmanageengine_adselfservice_plusMatch4.54580

zohocorpmanageengine_adselfservice_plusMatch4.54590

zohocorpmanageengine_adselfservice_plusMatch4.54591

zohocorpmanageengine_adselfservice_plusMatch4.54592

zohocorpmanageengine_adselfservice_plusMatch5.05000

zohocorpmanageengine_adselfservice_plusMatch5.05001

zohocorpmanageengine_adselfservice_plusMatch5.05002

zohocorpmanageengine_adselfservice_plusMatch5.05010

zohocorpmanageengine_adselfservice_plusMatch5.05011

zohocorpmanageengine_adselfservice_plusMatch5.05020

zohocorpmanageengine_adselfservice_plusMatch5.05021

zohocorpmanageengine_adselfservice_plusMatch5.05022

zohocorpmanageengine_adselfservice_plusMatch5.05030

zohocorpmanageengine_adselfservice_plusMatch5.05032

zohocorpmanageengine_adselfservice_plusMatch5.05040

zohocorpmanageengine_adselfservice_plusMatch5.05041

zohocorpmanageengine_adselfservice_plusMatch5.0.6

zohocorpmanageengine_adselfservice_plusMatch5.15100

zohocorpmanageengine_adselfservice_plusMatch5.15101

zohocorpmanageengine_adselfservice_plusMatch5.15102

zohocorpmanageengine_adselfservice_plusMatch5.15103

zohocorpmanageengine_adselfservice_plusMatch5.15104

zohocorpmanageengine_adselfservice_plusMatch5.15105

zohocorpmanageengine_adselfservice_plusMatch5.15106

zohocorpmanageengine_adselfservice_plusMatch5.15107

zohocorpmanageengine_adselfservice_plusMatch5.15108

zohocorpmanageengine_adselfservice_plusMatch5.15109

zohocorpmanageengine_adselfservice_plusMatch5.15110

zohocorpmanageengine_adselfservice_plusMatch5.15111

zohocorpmanageengine_adselfservice_plusMatch5.15112

zohocorpmanageengine_adselfservice_plusMatch5.15113

zohocorpmanageengine_adselfservice_plusMatch5.15114

zohocorpmanageengine_adselfservice_plusMatch5.15115

zohocorpmanageengine_adselfservice_plusMatch5.15116

zohocorpmanageengine_adselfservice_plusMatch5.25200

zohocorpmanageengine_adselfservice_plusMatch5.25201

zohocorpmanageengine_adselfservice_plusMatch5.25202

zohocorpmanageengine_adselfservice_plusMatch5.25203

zohocorpmanageengine_adselfservice_plusMatch5.25204

zohocorpmanageengine_adselfservice_plusMatch5.25205

zohocorpmanageengine_adselfservice_plusMatch5.25206

zohocorpmanageengine_adselfservice_plusMatch5.25207

zohocorpmanageengine_adselfservice_plusMatch5.35300

zohocorpmanageengine_adselfservice_plusMatch5.35301

zohocorpmanageengine_adselfservice_plusMatch5.35302

zohocorpmanageengine_adselfservice_plusMatch5.35303

zohocorpmanageengine_adselfservice_plusMatch5.35304

zohocorpmanageengine_adselfservice_plusMatch5.35305

zohocorpmanageengine_adselfservice_plusMatch5.35306

zohocorpmanageengine_adselfservice_plusMatch5.35307

zohocorpmanageengine_adselfservice_plusMatch5.35308

zohocorpmanageengine_adselfservice_plusMatch5.35309

zohocorpmanageengine_adselfservice_plusMatch5.35310

zohocorpmanageengine_adselfservice_plusMatch5.35311

zohocorpmanageengine_adselfservice_plusMatch5.35312

zohocorpmanageengine_adselfservice_plusMatch5.35313

zohocorpmanageengine_adselfservice_plusMatch5.35314

zohocorpmanageengine_adselfservice_plusMatch5.35315

zohocorpmanageengine_adselfservice_plusMatch5.35316

zohocorpmanageengine_adselfservice_plusMatch5.35317

zohocorpmanageengine_adselfservice_plusMatch5.35318

zohocorpmanageengine_adselfservice_plusMatch5.35319

zohocorpmanageengine_adselfservice_plusMatch5.35320

zohocorpmanageengine_adselfservice_plusMatch5.35321

zohocorpmanageengine_adselfservice_plusMatch5.35322

zohocorpmanageengine_adselfservice_plusMatch5.35323

zohocorpmanageengine_adselfservice_plusMatch5.35324

zohocorpmanageengine_adselfservice_plusMatch5.35325

zohocorpmanageengine_adselfservice_plusMatch5.35326

zohocorpmanageengine_adselfservice_plusMatch5.35327

zohocorpmanageengine_adselfservice_plusMatch5.35328

zohocorpmanageengine_adselfservice_plusMatch5.35329

zohocorpmanageengine_adselfservice_plusMatch5.35330

zohocorpmanageengine_adselfservice_plusMatch5.45400

zohocorpmanageengine_adselfservice_plusMatch5.5-

zohocorpmanageengine_adselfservice_plusMatch5.55500

zohocorpmanageengine_adselfservice_plusMatch5.55501

zohocorpmanageengine_adselfservice_plusMatch5.55502

zohocorpmanageengine_adselfservice_plusMatch5.55503

zohocorpmanageengine_adselfservice_plusMatch5.55504

zohocorpmanageengine_adselfservice_plusMatch5.55505

zohocorpmanageengine_adselfservice_plusMatch5.55506

zohocorpmanageengine_adselfservice_plusMatch5.55507

zohocorpmanageengine_adselfservice_plusMatch5.55508

zohocorpmanageengine_adselfservice_plusMatch5.55509

zohocorpmanageengine_adselfservice_plusMatch5.55510

zohocorpmanageengine_adselfservice_plusMatch5.55511

zohocorpmanageengine_adselfservice_plusMatch5.55512

zohocorpmanageengine_adselfservice_plusMatch5.55513

zohocorpmanageengine_adselfservice_plusMatch5.55514

zohocorpmanageengine_adselfservice_plusMatch5.55515

zohocorpmanageengine_adselfservice_plusMatch5.55516

zohocorpmanageengine_adselfservice_plusMatch5.55517

zohocorpmanageengine_adselfservice_plusMatch5.55518

zohocorpmanageengine_adselfservice_plusMatch5.55519

zohocorpmanageengine_adselfservice_plusMatch5.55520

zohocorpmanageengine_adselfservice_plusMatch5.55521

zohocorpmanageengine_adselfservice_plusMatch5.65600

zohocorpmanageengine_adselfservice_plusMatch5.65601

zohocorpmanageengine_adselfservice_plusMatch5.65602

zohocorpmanageengine_adselfservice_plusMatch5.65603

zohocorpmanageengine_adselfservice_plusMatch5.65604

zohocorpmanageengine_adselfservice_plusMatch5.65605

zohocorpmanageengine_adselfservice_plusMatch5.65606

zohocorpmanageengine_adselfservice_plusMatch5.65607

zohocorpmanageengine_adselfservice_plusMatch5.75607

zohocorpmanageengine_adselfservice_plusMatch5.75700

zohocorpmanageengine_adselfservice_plusMatch5.75701

zohocorpmanageengine_adselfservice_plusMatch5.75702

zohocorpmanageengine_adselfservice_plusMatch5.75703

zohocorpmanageengine_adselfservice_plusMatch5.75704

zohocorpmanageengine_adselfservice_plusMatch5.75705

zohocorpmanageengine_adselfservice_plusMatch5.75706

zohocorpmanageengine_adselfservice_plusMatch5.75707

zohocorpmanageengine_adselfservice_plusMatch5.75708

zohocorpmanageengine_adselfservice_plusMatch5.75709

zohocorpmanageengine_adselfservice_plusMatch5.75710

zohocorpmanageengine_adselfservice_plusMatch5.8-

zohocorpmanageengine_adselfservice_plusMatch5.85800

zohocorpmanageengine_adselfservice_plusMatch5.85801

zohocorpmanageengine_adselfservice_plusMatch5.85802

zohocorpmanageengine_adselfservice_plusMatch5.85803

zohocorpmanageengine_adselfservice_plusMatch5.85804

zohocorpmanageengine_adselfservice_plusMatch5.85805

zohocorpmanageengine_adselfservice_plusMatch5.85806

zohocorpmanageengine_adselfservice_plusMatch5.85807

zohocorpmanageengine_adselfservice_plusMatch5.85808

zohocorpmanageengine_adselfservice_plusMatch5.85809

zohocorpmanageengine_adselfservice_plusMatch5.85810

zohocorpmanageengine_adselfservice_plusMatch5.85811

zohocorpmanageengine_adselfservice_plusMatch5.85812

zohocorpmanageengine_adselfservice_plusMatch5.85813

zohocorpmanageengine_adselfservice_plusMatch5.85814

zohocorpmanageengine_adselfservice_plusMatch5.85815

zohocorpmanageengine_adselfservice_plusMatch5.85816

zohocorpmanageengine_adselfservice_plusMatch6.0-

zohocorpmanageengine_adselfservice_plusMatch6.06000

zohocorpmanageengine_adselfservice_plusMatch6.06001

zohocorpmanageengine_adselfservice_plusMatch6.06002

zohocorpmanageengine_adselfservice_plusMatch6.06003

zohocorpmanageengine_adselfservice_plusMatch6.06004

zohocorpmanageengine_adselfservice_plusMatch6.06005

zohocorpmanageengine_adselfservice_plusMatch6.06006

zohocorpmanageengine_adselfservice_plusMatch6.06007

zohocorpmanageengine_adselfservice_plusMatch6.06008

zohocorpmanageengine_adselfservice_plusMatch6.06009

zohocorpmanageengine_adselfservice_plusMatch6.06012

zohocorpmanageengine_adselfservice_plusMatch6.06013

zohocorpmanageengine_adselfservice_plusMatch6.1-

zohocorpmanageengine_adselfservice_plusMatch6.16100

zohocorpmanageengine_adselfservice_plusMatch6.16101

zohocorpmanageengine_adselfservice_plusMatch6.16102

zohocorpmanageengine_adselfservice_plusMatch6.16103

zohocorpmanageengine_adselfservice_plusMatch6.16104

zohocorpmanageengine_adselfservice_plusMatch6.16105

zohocorpmanageengine_adselfservice_plusMatch6.16106

zohocorpmanageengine_adselfservice_plusMatch6.16113

References

packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

www.manageengine.com

www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.975 High

EPSS

Percentile

100.0%

JSON

Related for NVD:CVE-2021-40539