ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
Posted on 27 November 2021
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.
