
Security update released for critical auth bypass vulnerability affecting ADSelfService Plus

Rachel Hanlon

Description

Researchers have released a security update for a critical authentication bypass vulnerability (CVE-2021-40539). This vulnerability allows attackers to gain access to ADSelfService Plus through REST API URLs. Successful exploitation of this vulnerability could result in remote code execution (RCE) by remote attackers.


Affected Products: ManageEngine ADSelfService Plus 6113 and earlier.

Note: Researchers have observed exploitation of this vulnerability in the wild.


Recommendation

Workaround:

It is recommended to keep ADSelfService Plus running at the current released patch level.

This vulnerability can be exploited in unpatched ADSelfService Plus installations. We therefore strongly recommend that, even if your installation of ADSelfService Plus has not yet been affected, you ensure it is updated to the latest build, which is 6114.
