ManageEngine ADManager Plus
by Zohocorp
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8324 | | Cri | 0.64 | 9.8 | 0.02 | | Nov 11, 2025 | Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. |
| CVE-2026-2740 | | Hig | 0.55 | 8.4 | 0.02 | | May 21, 2026 | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency. |
| CVE-2025-1724 | | Hig | 0.48 | 7.4 | 0.01 | | Mar 17, 2025 | Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token. |
| CVE-2024-9100 | | Med | 0.42 | 6.5 | 0.00 | | Oct 3, 2024 | Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. |
| CVE-2024-24409 | | | 0.03 | — | 0.04 | | Nov 8, 2024 | Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. |
| CVE-2025-36527 | | | 0.01 | — | 0.20 | | May 23, 2025 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. |
| CVE-2025-11669 | | | 0.00 | — | 0.01 | | Jan 13, 2026 | Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality. |
| CVE-2025-9435 | | | 0.00 | — | 0.01 | | Jan 13, 2026 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module |
| CVE-2025-11670 | | | 0.00 | — | 0.00 | | Dec 15, 2025 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled. |
| CVE-2025-10020 | | | 0.00 | — | 0.05 | | Oct 21, 2025 | Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. |
| CVE-2025-9428 | | | 0.00 | — | 0.25 | | Oct 21, 2025 | Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api. |
| CVE-2025-41444 | | | 0.00 | — | 0.01 | | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. |
| CVE-2025-36528 | | | 0.00 | — | 0.01 | | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. |
| CVE-2025-27709 | | | 0.00 | — | 0.01 | | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
| CVE-2025-41403 | | | 0.00 | — | 0.01 | | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. |
| CVE-2025-3836 | | | 0.00 | — | 0.05 | | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. |
| CVE-2025-3834 | | | 0.00 | — | 0.01 | | May 14, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. |
| CVE-2024-49574 | | | 0.00 | — | 0.02 | | Nov 18, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. |
| CVE-2024-10839 | | | 0.00 | — | 0.01 | | Nov 8, 2024 | Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option. |
| CVE-2024-36485 | | | 0.00 | — | 0.01 | | Nov 4, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. |
Page 1 of 2