CVE Watchtower ← Back to CVE ListCVE-2021-40539NVDVulnerability SummaryZoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.Severity LevelUNKNOWNPublished DateSep 7, 2021Last ModifiedOct 21, 2025Exploitation StatusACTIVERoot Weakness (CWE)N/AExternal Referenceshttps://www.manageengine.comhttps://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.htmlhttp://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html