module
ManageEngine ADSelfService Plus CVE-2021-40539
| Disclosed |
|---|
| Sep 7, 2021 |
Disclosed
Sep 7, 2021
Description
This module exploits CVE-2021-40539, a REST API authentication bypass
vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and
execute it as the user running ADSelfService Plus - which is SYSTEM if
started as a service.
vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and
execute it as the user running ADSelfService Plus - which is SYSTEM if
started as a service.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.