CAPTCHA Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus
CVE-2021-37417

9.8CRITICAL

Key Information:

Vendor: Zohocorp
Status: Manageengine Adselfservice Plus
Vendor: CVE Published:; 30 August 2021

What is CVE-2021-37417?

An issue in Zoho ManageEngine ADSelfService Plus prior to version 6103 allows an attacker to bypass CAPTCHA protections due to improper parameter validation. This flaw can lead to unauthorized access and exploitation, potentially compromising sensitive user data and security protocols. It is crucial for organizations using this software to apply updates and safeguard against potential exploitation of this vulnerability.

References

https://blog.stmcyber.com/vulns/cve-2021-37417/

x_refsource_MISC

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2021
Vulnerability Reserved
Jul 23, 2021

Zohocorp

What is CVE-2021-37417?

References

EPSS Score

CVSS V3.1

Timeline