logo
DATABASE RESOURCES PRICING ABOUT US

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit

Description

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.


Related