CVE-2021-40539

ENISA EUVD: EUVD-2021-27714 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 7 articles Published: 2021-09-07

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.42%

probability

This CVE has a 94.42% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

7.5

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

Affected Products

n/a

zohocorp

manageengine adselfservice plus

n/a

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-706 · Use of Incorrectly-Resolved Name or Reference

Exploits & PoC

synacktiv/CVE-2021-40539

Exploitation code for CVE-2021-40539

48 2021-11-09

DarkSprings/CVE-2021-40539

CVE-2021-40539 POC

2 2021-09-17

Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539

ADSelfService Plus RCE漏洞检测工具 (二开)

2 2024-10-16

lpyydxs/CVE-2021-40539

CVE-2021-40539：ADSelfService Plus RCE漏洞

1 2025-03-13

lpyzds/CVE-2021-40539

CVE-2021-40539：ADSelfService Plus RCE漏洞

0 2024-10-12

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://www.manageengine.com

x_refsource_MISC

https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

x_refsource_MISC

http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

85%

EPSS 94.42%

CVSS v3.1 9.8

Mentions 7

Last Seen Oct 07, 2022

CNA Information

CNA Assigner

mitre

Analyst Note

CVE-2021-40539 is a critical Zoho ManageEngine ServiceDesk Plus vulnerability with documented active exploitation by threat actors. CISA and FBI publicly warned of active exploitation of this newly patched flaw, with evidence of malicious activities including web shell deployment. The timing indicates exploitation coincided with or preceded patch availability, meeting zero-day criteria.