ManageEngine ADSelfService Plus Authentication Bypass / Code Execution

Discussion in 'News Aggregator' started by Packet Storm, 27 Nov 2021.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.

    Continue reading...
     

Share This Page

Loading...