CISA Warns Of Bug In Zoho ADSelfService Plus

September 9, 2021

The United States Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are exploiting a critical vulnerability known as CVE-2021-40539 in Zoho’s ManageEngine ADSelfService Plus password management solution that gives them the privilege to take over a system.

The vulnerability is considered critical because it could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Security notifications from the company and a warning from CISA suggested that the bug was exploited in the wild.

Currently, information about CVE-2021-40539, the fifth critical vulnerability reported for Zoho ManageEngine ADSelfService Plus in 2021, is sparse, with a severity score yet to be calculated by the National Institute of Standards and Technology.

However, companies with AdSelfService Plus builds lower than 6114 are recommended to install the latest developer update available from the service pack.

For more information, read the original story in Bleeping Computer

CISA Warns Of Bug In Zoho ADSelfService Plus

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered