PT-2021-4466 · Zoho · Zoho ManageEngine ADSelfService Plus

Published: 2021-09-07 · Updated: 2026-04-06 · CVE-2021-40539

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADSelfService Plus versions 6113 and prior.

Description
Zoho ManageEngine ADSelfService Plus is susceptible to a REST API authentication bypass, potentially leading to remote code execution. This issue has been actively exploited in attacks by threat actors, including the Trigona ransomware group and APT27. Reports indicate exploitation of this vulnerability in attacks against organizations in the United States and Europe, affecting sectors including communications, water, energy, and transportation. The Red Cross experienced a breach in which this vulnerability was used for initial access, allowing attackers to masquerade as legitimate users and steal data. The vulnerability stems from a missing authentication procedure. Exploitation code is publicly available.

Recommendations
Update ManageEngine ADSelfService Plus to the latest version to address this issue.

Exploit · Fix · RCE · Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2021-05099
CVE-2021-40539

Affected Products

Zoho ManageEngine ADSelfService Plus