CVE-2021-28958: OS Command Injection
First published: Fri Jun 25 2021(Updated: )
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ADSelfService Plus | =4.5-4510 | |
| ADSelfService Plus | =4.5-4511 | |
| ADSelfService Plus | =4.5-4520 | |
| ADSelfService Plus | =4.5-4522 | |
| ADSelfService Plus | =4.5-4531 | |
| ADSelfService Plus | =4.5-4540 | |
| ADSelfService Plus | =4.5-4543 | |
| ADSelfService Plus | =4.5-4544 | |
| ADSelfService Plus | =4.5-4550 | |
| ADSelfService Plus | =4.5-4560 | |
| ADSelfService Plus | =4.5-4570 | |
| ADSelfService Plus | =4.5-4571 | |
| ADSelfService Plus | =4.5-4572 | |
| ADSelfService Plus | =4.5-4580 | |
| ADSelfService Plus | =4.5-4590 | |
| ADSelfService Plus | =4.5-4591 | |
| ADSelfService Plus | =4.5-4592 | |
| ADSelfService Plus | =5.0-5000 | |
| ADSelfService Plus | =5.0-5001 | |
| ADSelfService Plus | =5.0-5002 | |
| ADSelfService Plus | =5.0-5010 | |
| ADSelfService Plus | =5.0-5011 | |
| ADSelfService Plus | =5.0-5020 | |
| ADSelfService Plus | =5.0-5021 | |
| ADSelfService Plus | =5.0-5022 | |
| ADSelfService Plus | =5.0-5030 | |
| ADSelfService Plus | =5.0-5032 | |
| ADSelfService Plus | =5.0-5040 | |
| ADSelfService Plus | =5.0-5041 | |
| ADSelfService Plus | =5.0.6 | |
| ADSelfService Plus | =5.1-5100 | |
| ADSelfService Plus | =5.1-5101 | |
| ADSelfService Plus | =5.1-5102 | |
| ADSelfService Plus | =5.1-5103 | |
| ADSelfService Plus | =5.1-5104 | |
| ADSelfService Plus | =5.1-5105 | |
| ADSelfService Plus | =5.1-5106 | |
| ADSelfService Plus | =5.1-5107 | |
| ADSelfService Plus | =5.1-5108 | |
| ADSelfService Plus | =5.1-5109 | |
| ADSelfService Plus | =5.1-5110 | |
| ADSelfService Plus | =5.1-5111 | |
| ADSelfService Plus | =5.1-5112 | |
| ADSelfService Plus | =5.1-5113 | |
| ADSelfService Plus | =5.1-5114 | |
| ADSelfService Plus | =5.1-5115 | |
| ADSelfService Plus | =5.1-5116 | |
| ADSelfService Plus | =5.2-5200 | |
| ADSelfService Plus | =5.2-5201 | |
| ADSelfService Plus | =5.2-5202 | |
| ADSelfService Plus | =5.2-5203 | |
| ADSelfService Plus | =5.2-5204 | |
| ADSelfService Plus | =5.2-5205 | |
| ADSelfService Plus | =5.2-5206 | |
| ADSelfService Plus | =5.2-5207 | |
| ADSelfService Plus | =5.3-5300 | |
| ADSelfService Plus | =5.3-5301 | |
| ADSelfService Plus | =5.3-5302 | |
| ADSelfService Plus | =5.3-5303 | |
| ADSelfService Plus | =5.3-5304 | |
| ADSelfService Plus | =5.3-5305 | |
| ADSelfService Plus | =5.3-5306 | |
| ADSelfService Plus | =5.3-5307 | |
| ADSelfService Plus | =5.3-5308 | |
| ADSelfService Plus | =5.3-5309 | |
| ADSelfService Plus | =5.3-5310 | |
| ADSelfService Plus | =5.3-5311 | |
| ADSelfService Plus | =5.3-5312 | |
| ADSelfService Plus | =5.3-5313 | |
| ADSelfService Plus | =5.3-5314 | |
| ADSelfService Plus | =5.3-5315 | |
| ADSelfService Plus | =5.3-5316 | |
| ADSelfService Plus | =5.3-5317 | |
| ADSelfService Plus | =5.3-5318 | |
| ADSelfService Plus | =5.3-5319 | |
| ADSelfService Plus | =5.3-5320 | |
| ADSelfService Plus | =5.3-5321 | |
| ADSelfService Plus | =5.3-5322 | |
| ADSelfService Plus | =5.3-5323 | |
| ADSelfService Plus | =5.3-5324 | |
| ADSelfService Plus | =5.3-5325 | |
| ADSelfService Plus | =5.3-5326 | |
| ADSelfService Plus | =5.3-5327 | |
| ADSelfService Plus | =5.3-5328 | |
| ADSelfService Plus | =5.3-5329 | |
| ADSelfService Plus | =5.3-5330 | |
| ADSelfService Plus | =5.4-5400 | |
| ADSelfService Plus | =5.5 | |
| ADSelfService Plus | =5.5-5500 | |
| ADSelfService Plus | =5.5-5501 | |
| ADSelfService Plus | =5.5-5502 | |
| ADSelfService Plus | =5.5-5503 | |
| ADSelfService Plus | =5.5-5504 | |
| ADSelfService Plus | =5.5-5505 | |
| ADSelfService Plus | =5.5-5506 | |
| ADSelfService Plus | =5.5-5507 | |
| ADSelfService Plus | =5.5-5508 | |
| ADSelfService Plus | =5.5-5509 | |
| ADSelfService Plus | =5.5-5510 | |
| ADSelfService Plus | =5.5-5511 | |
| ADSelfService Plus | =5.5-5512 | |
| ADSelfService Plus | =5.5-5513 | |
| ADSelfService Plus | =5.5-5514 | |
| ADSelfService Plus | =5.5-5515 | |
| ADSelfService Plus | =5.5-5516 | |
| ADSelfService Plus | =5.5-5517 | |
| ADSelfService Plus | =5.5-5518 | |
| ADSelfService Plus | =5.5-5519 | |
| ADSelfService Plus | =5.5-5520 | |
| ADSelfService Plus | =5.5-5521 | |
| ADSelfService Plus | =5.6-5600 | |
| ADSelfService Plus | =5.6-5601 | |
| ADSelfService Plus | =5.6-5602 | |
| ADSelfService Plus | =5.6-5603 | |
| ADSelfService Plus | =5.6-5604 | |
| ADSelfService Plus | =5.6-5605 | |
| ADSelfService Plus | =5.6-5606 | |
| ADSelfService Plus | =5.6-5607 | |
| ADSelfService Plus | =5.7-5607 | |
| ADSelfService Plus | =5.7-5700 | |
| ADSelfService Plus | =5.7-5701 | |
| ADSelfService Plus | =5.7-5702 | |
| ADSelfService Plus | =5.7-5703 | |
| ADSelfService Plus | =5.7-5704 | |
| ADSelfService Plus | =5.7-5705 | |
| ADSelfService Plus | =5.7-5706 | |
| ADSelfService Plus | =5.7-5707 | |
| ADSelfService Plus | =5.7-5708 | |
| ADSelfService Plus | =5.7-5709 | |
| ADSelfService Plus | =5.7-5710 | |
| ADSelfService Plus | =5.8 | |
| ADSelfService Plus | =5.8-5800 | |
| ADSelfService Plus | =5.8-5801 | |
| ADSelfService Plus | =5.8-5802 | |
| ADSelfService Plus | =5.8-5803 | |
| ADSelfService Plus | =5.8-5804 | |
| ADSelfService Plus | =5.8-5805 | |
| ADSelfService Plus | =5.8-5806 | |
| ADSelfService Plus | =5.8-5807 | |
| ADSelfService Plus | =5.8-5808 | |
| ADSelfService Plus | =5.8-5809 | |
| ADSelfService Plus | =5.8-5810 | |
| ADSelfService Plus | =5.8-5811 | |
| ADSelfService Plus | =5.8-5812 | |
| ADSelfService Plus | =5.8-5813 | |
| ADSelfService Plus | =5.8-5814 | |
| ADSelfService Plus | =5.8-5815 | |
| ADSelfService Plus | =5.8-5816 | |
| ADSelfService Plus | =6.0 | |
| ADSelfService Plus | =6.0-6000 | |
| ADSelfService Plus | =6.0-6001 | |
| ADSelfService Plus | =6.0-6002 | |
| ADSelfService Plus | =6.0-6003 | |
| ADSelfService Plus | =6.0-6004 | |
| ADSelfService Plus | =6.0-6005 | |
| ADSelfService Plus | =6.0-6006 | |
| ADSelfService Plus | =6.0-6007 | |
| ADSelfService Plus | =6.0-6008 | |
| ADSelfService Plus | =6.0-6009 | |
| ADSelfService Plus | =6.0-6012 | |
| ADSelfService Plus | =6.0-6013 | |
| ADSelfService Plus | =6.1 | |
| ADSelfService Plus | =6.1-6100 | |
| ADSelfService Plus | =6.1-6101 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-28958?
CVE-2021-28958 has been assigned a critical severity rating due to its potential for unauthenticated remote code execution.
How do I fix CVE-2021-28958?
To mitigate CVE-2021-28958, users should upgrade to a fixed version of ManageEngine ADSelfService Plus, specifically version 6.1-6102 or later.
What versions of ManageEngine ADSelfService Plus are affected by CVE-2021-28958?
CVE-2021-28958 affects versions of ManageEngine ADSelfService Plus prior to 6.1-6102, including all versions in the 4.5 and 5.0 series.
Can CVE-2021-28958 be exploited without authentication?
Yes, CVE-2021-28958 allows remote code execution without authentication, making it particularly dangerous.
What impact does CVE-2021-28958 have on my system?
Exploiting CVE-2021-28958 can lead to full system compromise, allowing attackers to execute arbitrary code with the same privileges as the service.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/adselfservice plus
- version/adselfservice plus/4.5-4510
- version/adselfservice plus/4.5-4511
- version/adselfservice plus/4.5-4520
- version/adselfservice plus/4.5-4522
- version/adselfservice plus/4.5-4531
- version/adselfservice plus/4.5-4540
- version/adselfservice plus/4.5-4543
- version/adselfservice plus/4.5-4544
- version/adselfservice plus/4.5-4550
- version/adselfservice plus/4.5-4560
- version/adselfservice plus/4.5-4570
- version/adselfservice plus/4.5-4571
- version/adselfservice plus/4.5-4572
- version/adselfservice plus/4.5-4580
- version/adselfservice plus/4.5-4590
- version/adselfservice plus/4.5-4591
- version/adselfservice plus/4.5-4592
- version/adselfservice plus/5.0-5000
- version/adselfservice plus/5.0-5001
- version/adselfservice plus/5.0-5002
- version/adselfservice plus/5.0-5010
- version/adselfservice plus/5.0-5011
- version/adselfservice plus/5.0-5020
- version/adselfservice plus/5.0-5021
- version/adselfservice plus/5.0-5022
- version/adselfservice plus/5.0-5030
- version/adselfservice plus/5.0-5032
- version/adselfservice plus/5.0-5040
- version/adselfservice plus/5.0-5041
- version/adselfservice plus/5.0.6
- version/adselfservice plus/5.1-5100
- version/adselfservice plus/5.1-5101
- version/adselfservice plus/5.1-5102
- version/adselfservice plus/5.1-5103
- version/adselfservice plus/5.1-5104
- version/adselfservice plus/5.1-5105
- version/adselfservice plus/5.1-5106
- version/adselfservice plus/5.1-5107
- version/adselfservice plus/5.1-5108
- version/adselfservice plus/5.1-5109
- version/adselfservice plus/5.1-5110
- version/adselfservice plus/5.1-5111
- version/adselfservice plus/5.1-5112
- version/adselfservice plus/5.1-5113
- version/adselfservice plus/5.1-5114
- version/adselfservice plus/5.1-5115
- version/adselfservice plus/5.1-5116
- version/adselfservice plus/5.2-5200
- version/adselfservice plus/5.2-5201
- version/adselfservice plus/5.2-5202
- version/adselfservice plus/5.2-5203
- version/adselfservice plus/5.2-5204
- version/adselfservice plus/5.2-5205
- version/adselfservice plus/5.2-5206
- version/adselfservice plus/5.2-5207
- version/adselfservice plus/5.3-5300
- version/adselfservice plus/5.3-5301
- version/adselfservice plus/5.3-5302
- version/adselfservice plus/5.3-5303
- version/adselfservice plus/5.3-5304
- version/adselfservice plus/5.3-5305
- version/adselfservice plus/5.3-5306
- version/adselfservice plus/5.3-5307
- version/adselfservice plus/5.3-5308
- version/adselfservice plus/5.3-5309
- version/adselfservice plus/5.3-5310
- version/adselfservice plus/5.3-5311
- version/adselfservice plus/5.3-5312
- version/adselfservice plus/5.3-5313
- version/adselfservice plus/5.3-5314
- version/adselfservice plus/5.3-5315
- version/adselfservice plus/5.3-5316
- version/adselfservice plus/5.3-5317
- version/adselfservice plus/5.3-5318
- version/adselfservice plus/5.3-5319
- version/adselfservice plus/5.3-5320
- version/adselfservice plus/5.3-5321
- version/adselfservice plus/5.3-5322
- version/adselfservice plus/5.3-5323
- version/adselfservice plus/5.3-5324
- version/adselfservice plus/5.3-5325
- version/adselfservice plus/5.3-5326
- version/adselfservice plus/5.3-5327
- version/adselfservice plus/5.3-5328
- version/adselfservice plus/5.3-5329
- version/adselfservice plus/5.3-5330
- version/adselfservice plus/5.4-5400
- version/adselfservice plus/5.5
- version/adselfservice plus/5.5-5500
- version/adselfservice plus/5.5-5501
- version/adselfservice plus/5.5-5502
- version/adselfservice plus/5.5-5503
- version/adselfservice plus/5.5-5504
- version/adselfservice plus/5.5-5505
- version/adselfservice plus/5.5-5506
- version/adselfservice plus/5.5-5507
- version/adselfservice plus/5.5-5508
- version/adselfservice plus/5.5-5509
- version/adselfservice plus/5.5-5510
- version/adselfservice plus/5.5-5511
- version/adselfservice plus/5.5-5512
- version/adselfservice plus/5.5-5513
- version/adselfservice plus/5.5-5514
- version/adselfservice plus/5.5-5515
- version/adselfservice plus/5.5-5516
- version/adselfservice plus/5.5-5517
- version/adselfservice plus/5.5-5518
- version/adselfservice plus/5.5-5519
- version/adselfservice plus/5.5-5520
- version/adselfservice plus/5.5-5521
- version/adselfservice plus/5.6-5600
- version/adselfservice plus/5.6-5601
- version/adselfservice plus/5.6-5602
- version/adselfservice plus/5.6-5603
- version/adselfservice plus/5.6-5604
- version/adselfservice plus/5.6-5605
- version/adselfservice plus/5.6-5606
- version/adselfservice plus/5.6-5607
- version/adselfservice plus/5.7-5607
- version/adselfservice plus/5.7-5700
- version/adselfservice plus/5.7-5701
- version/adselfservice plus/5.7-5702
- version/adselfservice plus/5.7-5703
- version/adselfservice plus/5.7-5704
- version/adselfservice plus/5.7-5705
- version/adselfservice plus/5.7-5706
- version/adselfservice plus/5.7-5707
- version/adselfservice plus/5.7-5708
- version/adselfservice plus/5.7-5709
- version/adselfservice plus/5.7-5710
- version/adselfservice plus/5.8
- version/adselfservice plus/5.8-5800
- version/adselfservice plus/5.8-5801
- version/adselfservice plus/5.8-5802
- version/adselfservice plus/5.8-5803
- version/adselfservice plus/5.8-5804
- version/adselfservice plus/5.8-5805
- version/adselfservice plus/5.8-5806
- version/adselfservice plus/5.8-5807
- version/adselfservice plus/5.8-5808
- version/adselfservice plus/5.8-5809
- version/adselfservice plus/5.8-5810
- version/adselfservice plus/5.8-5811
- version/adselfservice plus/5.8-5812
- version/adselfservice plus/5.8-5813
- version/adselfservice plus/5.8-5814
- version/adselfservice plus/5.8-5815
- version/adselfservice plus/5.8-5816
- version/adselfservice plus/6.0
- version/adselfservice plus/6.0-6000
- version/adselfservice plus/6.0-6001
- version/adselfservice plus/6.0-6002
- version/adselfservice plus/6.0-6003
- version/adselfservice plus/6.0-6004
- version/adselfservice plus/6.0-6005
- version/adselfservice plus/6.0-6006
- version/adselfservice plus/6.0-6007
- version/adselfservice plus/6.0-6008
- version/adselfservice plus/6.0-6009
- version/adselfservice plus/6.0-6012
- version/adselfservice plus/6.0-6013
- version/adselfservice plus/6.1
- version/adselfservice plus/6.1-6100
- version/adselfservice plus/6.1-6101