Exploited
critical
9.8
CWE
706
Advisory Published
Updated

CVE-2021-40539: Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

First published: Tue Sep 07 2021(Updated: )

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Zoho ManageEngine
ManageEngine ADSelfService Plus=4.5-4510
ManageEngine ADSelfService Plus=4.5-4511
ManageEngine ADSelfService Plus=4.5-4520
ManageEngine ADSelfService Plus=4.5-4522
ManageEngine ADSelfService Plus=4.5-4531
ManageEngine ADSelfService Plus=4.5-4540
ManageEngine ADSelfService Plus=4.5-4543
ManageEngine ADSelfService Plus=4.5-4544
ManageEngine ADSelfService Plus=4.5-4550
ManageEngine ADSelfService Plus=4.5-4560
ManageEngine ADSelfService Plus=4.5-4570
ManageEngine ADSelfService Plus=4.5-4571
ManageEngine ADSelfService Plus=4.5-4572
ManageEngine ADSelfService Plus=4.5-4580
ManageEngine ADSelfService Plus=4.5-4590
ManageEngine ADSelfService Plus=4.5-4591
ManageEngine ADSelfService Plus=4.5-4592
ManageEngine ADSelfService Plus=5.0-5000
ManageEngine ADSelfService Plus=5.0-5001
ManageEngine ADSelfService Plus=5.0-5002
ManageEngine ADSelfService Plus=5.0-5010
ManageEngine ADSelfService Plus=5.0-5011
ManageEngine ADSelfService Plus=5.0-5020
ManageEngine ADSelfService Plus=5.0-5021
ManageEngine ADSelfService Plus=5.0-5022
ManageEngine ADSelfService Plus=5.0-5030
ManageEngine ADSelfService Plus=5.0-5032
ManageEngine ADSelfService Plus=5.0-5040
ManageEngine ADSelfService Plus=5.0-5041
ManageEngine ADSelfService Plus=5.0.6
ManageEngine ADSelfService Plus=5.1-5100
ManageEngine ADSelfService Plus=5.1-5101
ManageEngine ADSelfService Plus=5.1-5102
ManageEngine ADSelfService Plus=5.1-5103
ManageEngine ADSelfService Plus=5.1-5104
ManageEngine ADSelfService Plus=5.1-5105
ManageEngine ADSelfService Plus=5.1-5106
ManageEngine ADSelfService Plus=5.1-5107
ManageEngine ADSelfService Plus=5.1-5108
ManageEngine ADSelfService Plus=5.1-5109
ManageEngine ADSelfService Plus=5.1-5110
ManageEngine ADSelfService Plus=5.1-5111
ManageEngine ADSelfService Plus=5.1-5112
ManageEngine ADSelfService Plus=5.1-5113
ManageEngine ADSelfService Plus=5.1-5114
ManageEngine ADSelfService Plus=5.1-5115
ManageEngine ADSelfService Plus=5.1-5116
ManageEngine ADSelfService Plus=5.2-5200
ManageEngine ADSelfService Plus=5.2-5201
ManageEngine ADSelfService Plus=5.2-5202
ManageEngine ADSelfService Plus=5.2-5203
ManageEngine ADSelfService Plus=5.2-5204
ManageEngine ADSelfService Plus=5.2-5205
ManageEngine ADSelfService Plus=5.2-5206
ManageEngine ADSelfService Plus=5.2-5207
ManageEngine ADSelfService Plus=5.3-5300
ManageEngine ADSelfService Plus=5.3-5301
ManageEngine ADSelfService Plus=5.3-5302
ManageEngine ADSelfService Plus=5.3-5303
ManageEngine ADSelfService Plus=5.3-5304
ManageEngine ADSelfService Plus=5.3-5305
ManageEngine ADSelfService Plus=5.3-5306
ManageEngine ADSelfService Plus=5.3-5307
ManageEngine ADSelfService Plus=5.3-5308
ManageEngine ADSelfService Plus=5.3-5309
ManageEngine ADSelfService Plus=5.3-5310
ManageEngine ADSelfService Plus=5.3-5311
ManageEngine ADSelfService Plus=5.3-5312
ManageEngine ADSelfService Plus=5.3-5313
ManageEngine ADSelfService Plus=5.3-5314
ManageEngine ADSelfService Plus=5.3-5315
ManageEngine ADSelfService Plus=5.3-5316
ManageEngine ADSelfService Plus=5.3-5317
ManageEngine ADSelfService Plus=5.3-5318
ManageEngine ADSelfService Plus=5.3-5319
ManageEngine ADSelfService Plus=5.3-5320
ManageEngine ADSelfService Plus=5.3-5321
ManageEngine ADSelfService Plus=5.3-5322
ManageEngine ADSelfService Plus=5.3-5323
ManageEngine ADSelfService Plus=5.3-5324
ManageEngine ADSelfService Plus=5.3-5325
ManageEngine ADSelfService Plus=5.3-5326
ManageEngine ADSelfService Plus=5.3-5327
ManageEngine ADSelfService Plus=5.3-5328
ManageEngine ADSelfService Plus=5.3-5329
ManageEngine ADSelfService Plus=5.3-5330
ManageEngine ADSelfService Plus=5.4-5400
ManageEngine ADSelfService Plus=5.5
ManageEngine ADSelfService Plus=5.5-5500
ManageEngine ADSelfService Plus=5.5-5501
ManageEngine ADSelfService Plus=5.5-5502
ManageEngine ADSelfService Plus=5.5-5503
ManageEngine ADSelfService Plus=5.5-5504
ManageEngine ADSelfService Plus=5.5-5505
ManageEngine ADSelfService Plus=5.5-5506
ManageEngine ADSelfService Plus=5.5-5507
ManageEngine ADSelfService Plus=5.5-5508
ManageEngine ADSelfService Plus=5.5-5509
ManageEngine ADSelfService Plus=5.5-5510
ManageEngine ADSelfService Plus=5.5-5511
ManageEngine ADSelfService Plus=5.5-5512
ManageEngine ADSelfService Plus=5.5-5513
ManageEngine ADSelfService Plus=5.5-5514
ManageEngine ADSelfService Plus=5.5-5515
ManageEngine ADSelfService Plus=5.5-5516
ManageEngine ADSelfService Plus=5.5-5517
ManageEngine ADSelfService Plus=5.5-5518
ManageEngine ADSelfService Plus=5.5-5519
ManageEngine ADSelfService Plus=5.5-5520
ManageEngine ADSelfService Plus=5.5-5521
ManageEngine ADSelfService Plus=5.6-5600
ManageEngine ADSelfService Plus=5.6-5601
ManageEngine ADSelfService Plus=5.6-5602
ManageEngine ADSelfService Plus=5.6-5603
ManageEngine ADSelfService Plus=5.6-5604
ManageEngine ADSelfService Plus=5.6-5605
ManageEngine ADSelfService Plus=5.6-5606
ManageEngine ADSelfService Plus=5.6-5607
ManageEngine ADSelfService Plus=5.7-5607
ManageEngine ADSelfService Plus=5.7-5700
ManageEngine ADSelfService Plus=5.7-5701
ManageEngine ADSelfService Plus=5.7-5702
ManageEngine ADSelfService Plus=5.7-5703
ManageEngine ADSelfService Plus=5.7-5704
ManageEngine ADSelfService Plus=5.7-5705
ManageEngine ADSelfService Plus=5.7-5706
ManageEngine ADSelfService Plus=5.7-5707
ManageEngine ADSelfService Plus=5.7-5708
ManageEngine ADSelfService Plus=5.7-5709
ManageEngine ADSelfService Plus=5.7-5710
ManageEngine ADSelfService Plus=5.8
ManageEngine ADSelfService Plus=5.8-5800
ManageEngine ADSelfService Plus=5.8-5801
ManageEngine ADSelfService Plus=5.8-5802
ManageEngine ADSelfService Plus=5.8-5803
ManageEngine ADSelfService Plus=5.8-5804
ManageEngine ADSelfService Plus=5.8-5805
ManageEngine ADSelfService Plus=5.8-5806
ManageEngine ADSelfService Plus=5.8-5807
ManageEngine ADSelfService Plus=5.8-5808
ManageEngine ADSelfService Plus=5.8-5809
ManageEngine ADSelfService Plus=5.8-5810
ManageEngine ADSelfService Plus=5.8-5811
ManageEngine ADSelfService Plus=5.8-5812
ManageEngine ADSelfService Plus=5.8-5813
ManageEngine ADSelfService Plus=5.8-5814
ManageEngine ADSelfService Plus=5.8-5815
ManageEngine ADSelfService Plus=5.8-5816
ManageEngine ADSelfService Plus=6.0
ManageEngine ADSelfService Plus=6.0-6000
ManageEngine ADSelfService Plus=6.0-6001
ManageEngine ADSelfService Plus=6.0-6002
ManageEngine ADSelfService Plus=6.0-6003
ManageEngine ADSelfService Plus=6.0-6004
ManageEngine ADSelfService Plus=6.0-6005
ManageEngine ADSelfService Plus=6.0-6006
ManageEngine ADSelfService Plus=6.0-6007
ManageEngine ADSelfService Plus=6.0-6008
ManageEngine ADSelfService Plus=6.0-6009
ManageEngine ADSelfService Plus=6.0-6012
ManageEngine ADSelfService Plus=6.0-6013
ManageEngine ADSelfService Plus=6.1
ManageEngine ADSelfService Plus=6.1-6100
ManageEngine ADSelfService Plus=6.1-6101
ManageEngine ADSelfService Plus=6.1-6102
ManageEngine ADSelfService Plus=6.1-6103
ManageEngine ADSelfService Plus=6.1-6104
ManageEngine ADSelfService Plus=6.1-6105
ManageEngine ADSelfService Plus=6.1-6106
ManageEngine ADSelfService Plus=6.1-6113
=4.5-4510
=4.5-4511
=4.5-4520
=4.5-4522
=4.5-4531
=4.5-4540
=4.5-4543
=4.5-4544
=4.5-4550
=4.5-4560
=4.5-4570
=4.5-4571
=4.5-4572
=4.5-4580
=4.5-4590
=4.5-4591
=4.5-4592
=5.0-5000
=5.0-5001
=5.0-5002
=5.0-5010
=5.0-5011
=5.0-5020
=5.0-5021
=5.0-5022
=5.0-5030
=5.0-5032
=5.0-5040
=5.0-5041
=5.0.6
=5.1-5100
=5.1-5101
=5.1-5102
=5.1-5103
=5.1-5104
=5.1-5105
=5.1-5106
=5.1-5107
=5.1-5108
=5.1-5109
=5.1-5110
=5.1-5111
=5.1-5112
=5.1-5113
=5.1-5114
=5.1-5115
=5.1-5116
=5.2-5200
=5.2-5201
=5.2-5202
=5.2-5203
=5.2-5204
=5.2-5205
=5.2-5206
=5.2-5207
=5.3-5300
=5.3-5301
=5.3-5302
=5.3-5303
=5.3-5304
=5.3-5305
=5.3-5306
=5.3-5307
=5.3-5308
=5.3-5309
=5.3-5310
=5.3-5311
=5.3-5312
=5.3-5313
=5.3-5314
=5.3-5315
=5.3-5316
=5.3-5317
=5.3-5318
=5.3-5319
=5.3-5320
=5.3-5321
=5.3-5322
=5.3-5323
=5.3-5324
=5.3-5325
=5.3-5326
=5.3-5327
=5.3-5328
=5.3-5329
=5.3-5330
=5.4-5400
=5.5
=5.5-5500
=5.5-5501
=5.5-5502
=5.5-5503
=5.5-5504
=5.5-5505
=5.5-5506
=5.5-5507
=5.5-5508
=5.5-5509
=5.5-5510
=5.5-5511
=5.5-5512
=5.5-5513
=5.5-5514
=5.5-5515
=5.5-5516
=5.5-5517
=5.5-5518
=5.5-5519
=5.5-5520
=5.5-5521
=5.6-5600
=5.6-5601
=5.6-5602
=5.6-5603
=5.6-5604
=5.6-5605
=5.6-5606
=5.6-5607
=5.7-5607
=5.7-5700
=5.7-5701
=5.7-5702
=5.7-5703
=5.7-5704
=5.7-5705
=5.7-5706
=5.7-5707
=5.7-5708
=5.7-5709
=5.7-5710
=5.8
=5.8-5800
=5.8-5801
=5.8-5802
=5.8-5803
=5.8-5804
=5.8-5805
=5.8-5806
=5.8-5807
=5.8-5808
=5.8-5809
=5.8-5810
=5.8-5811
=5.8-5812
=5.8-5813
=5.8-5814
=5.8-5815
=5.8-5816
=6.0
=6.0-6000
=6.0-6001
=6.0-6002
=6.0-6003
=6.0-6004
=6.0-6005
=6.0-6006
=6.0-6007
=6.0-6008
=6.0-6009
=6.0-6012
=6.0-6013
=6.1
=6.1-6100
=6.1-6101
=6.1-6102
=6.1-6103
=6.1-6104
=6.1-6105
=6.1-6106
=6.1-6113

Remedy

https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-40539?

    CVE-2021-40539 is a critical vulnerability that allows for authentication bypass and remote code execution in specific versions of Zoho ManageEngine ADSelfService Plus.

  • How do I fix CVE-2021-40539?

    To mitigate CVE-2021-40539, you should upgrade Zoho ManageEngine ADSelfService Plus to the latest version that addresses this vulnerability.

  • What versions are affected by CVE-2021-40539?

    CVE-2021-40539 affects Zoho ManageEngine ADSelfService Plus version 6113 and prior releases.

  • Can CVE-2021-40539 be exploited remotely?

    Yes, CVE-2021-40539 allows attackers to exploit the vulnerability remotely via REST API endpoints.

  • What type of vulnerability is CVE-2021-40539?

    CVE-2021-40539 is classified as an authentication bypass vulnerability that can lead to remote code execution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203