2021
11.28

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution

Category: exploit / Tags: no tag / Add Comment

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus – which is SYSTEM if started as a service.

No Comment.

Add Your Comment

Your Comment

You must be logged in to post a comment.