How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus

During a penetration test we encountered the ManageEngine ADSelfService Plus (ADSS) solution. ADSS offers multiple functionalities, such as managing password policies for administrators or self-service password reset/account unlock for Active Directory users. We decided to dig into this solution. However, our research had barely started when in-the-wild exploitation of this solution was announced.

In this article we will explore the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the server.


Posted by SH
