U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day
Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution, the issue is an authentication bypass bug…