CISA Warns Of Bug In Zoho ADSelfService Plus

September 9, 2021

The United States Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are exploiting a critical vulnerability known as CVE-2021-40539 in Zoho’s ManageEngine ADSelfService Plus password management solution that gives them the privilege to take over a system.

The vulnerability is considered critical because it could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Security notifications from the company and a warning from CISA suggested that the bug was exploited in the wild.

Currently, information about CVE-2021-40539, the fifth critical vulnerability reported for Zoho ManageEngine ADSelfService Plus in 2021, is sparse, with a severity score yet to be calculated by the National Institute of Standards and Technology.

However, companies with ADSelfService Plus builds lower than 6114 are recommended to install the latest developer update available from the service pack.

For more information, read the original story in Bleeping Computer

 

Top Stories

Related Articles

June 26, 2026 Polaroid has launched a new advertising campaign criticizing data centre water consumption as concerns about the environmental more...

June 26, 2026 Opposition to large-scale data centre developments tied to the artificial intelligence boom is beginning to influence U.S. more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn