The Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA), and the Coast Guard Cyber Command (CGCYBER) have issued a warning on in-the-wild attacks targeting Zoho’s ManageEngine ADSelfService Plus product, which was recently identified as vulnerable.
The vulnerability, tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), has been exploited since August 2021 to remotely execute code and take control of susceptible systems.
The issue is an authentication bypass bug in the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution. It affects all ADSelfService Plus builds up to 6113.
To Read More: Securityweek