What is CVE-2021-33256?

CVE-2021-33256 is a vulnerability in N/a. Published 2021-08-09.

Is CVE-2021-33256 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtai…

EPSS: 0.790 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-33256?: CVE-2021-33256 is a vulnerability in N/a. Published 2021-08-09.
Is CVE-2021-33256 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.