Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Published September 7, 2021.
Zohocorp Manageengine Adselfservice Plus