Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-37927
CVE-2021-37927:
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Overview
A high-severity vulnerability (CVE-2021-37927) was discovered in ADSelfService Plus that allows attackers to perform account takeover via SSO with Signature Stripping. The vulnerability was reported by HaYiCle from ECQ and affects versions prior to build 6110 (ADSelfService Release Notes).
Technical details
The vulnerability allows attackers to intercept the samlResponse attribute value returned by the Identity Provider during SAML SSO logins. The attacker can then modify the email ID provided in the NameId field and take over a user account without requiring signature verification (ManageEngine Security).
Impact
This vulnerability could lead to unauthorized account takeover, allowing attackers to gain access to and control legitimate user accounts in the system (ManageEngine Security).
Mitigation and workarounds
The vulnerability was fixed in ADSelfService Plus build 6110 by enforcing SAML signature verification. Organizations should upgrade to this version or later to protect against this vulnerability (ADSelfService Release Notes).
Additional resources
Source: This report was generated using AI
Related Zoho ManageEngine ADManager Plus vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management