February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Hive Ransomware Extorted $100M From Over 1,300 Companies Worldwide – Active IOCs
November 21, 2022Rewterz Threat Advisory – CVE-2022-42494 – WordPress All in One SEO Pro plugin Vulnerability
November 21, 2022Rewterz Threat Alert – Hive Ransomware Extorted $100M From Over 1,300 Companies Worldwide – Active IOCs
November 21, 2022Rewterz Threat Advisory – CVE-2022-42494 – WordPress All in One SEO Pro plugin Vulnerability
November 21, 2022
Severity
High
Analysis Summary
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus could allow a remote attacker to execute arbitrary code on the system, caused by a REST API authentication bypass. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Code Execution
Indicators Of Compromise
CVE
- CVE-2021-40539
Affected Vendors
Zoho
Affected Products
- Zoho ManageEngine ADSelfService Plus 5704
- Zoho ManageEngine ADSelfService Plus 6003
- Zoho ManageEngine ADSelfService Plus 6101
- Zoho ManageEngine ADSelfService Plus 6103
- Zoho ManageEngine ADSelfService Plus 6102
- Zoho ManageEngine ADSelfService Plus 6113
Remediation
Upgrade to the latest version of ADSelfService Plus, available from the ManageEngine Website.