CVE-2021-40539
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
CVSS
—
Sin CVSS
EPSS
99.0%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
99.0%EPSS · 30 días99.0%
2026-06-302026-07-16
Producto
Zoho / ManageEngine
Vulnerabilidad
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
17 nov 2021
Uso conocido en ransomware
Sí
Descripción resumida
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2021-40539
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2022-47966—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2022-28810—99.3%
KEV—80Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability—CVE-2019-8394—99.1%
KEV—80Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability—