Subscribe via feed.

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution

Posted by deepcore on November 28, 2021 – 2:17 am

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus – which is SYSTEM if started as a service.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »