The host is installed with Zoho ManageEngine ADSelfService Plus before build 6114 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to handle the specially crafted Rest API URLs. Successful exploitation could allow attackers to bypass the security filter due to an error in normalizing the URLs before validation.