Primary

Context

ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

Vulnerability

Patched

An authentication bypass vulnerability has been identified in ManageEngine ADSelfService Plus, affecting versions prior to 6519. The issue arises from improper filter configurations, which allow unauthorized access to certain functionalities or data.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to gain access to the application or its features without proper credentials.

Remediation

Users can update to ManageEngine ADSelfService Plus build 6519 to address this vulnerability. Instructions for updating are available on the ManageEngine website.

Added: Jan 13, 2026, 2:41 PM

Updated: Jan 13, 2026, 2:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.4

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

5.0

exploitability

7.4

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ManageEngine ADSelfService Plus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating