Page Content
Zoho has released a security update on a vulnerability
(CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and
below. A remote attacker could exploit this vulnerability to take control of an
affected system. ManageEngine ADSelfService Plus is a self-service password
management and single sign-on solution for Active Directory and cloud apps.
CERT Bulgaria encourages users and administrators to review
the Zoho
advisory for more information and to update to ADSelfService
Plus build 6114.
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html