Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) solution for Active Directory and cloud apps.

Users are advised to review the Zoho advisory for more information and to update to ADSelfService Plus build 6114 – manageengine.com.