VYPR

Manageengine Admanager Plus

by Zohocorp

CVEs (36)

  • CVE-2025-8324CriNov 11, 2025
    risk 0.64cvss 9.8epss 0.02

    Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.

  • CVE-2026-2740HigMay 21, 2026
    risk 0.55cvss 8.4epss 0.02

    Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.

  • CVE-2025-1724HigMar 17, 2025
    risk 0.48cvss 7.4epss 0.01

    Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.

  • CVE-2024-9100MedOct 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal.

  • CVE-2024-24409Nov 8, 2024
    risk 0.03cvss epss 0.04

    Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

  • CVE-2025-36527May 23, 2025
    risk 0.01cvss epss 0.20

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.

  • CVE-2025-11669Jan 13, 2026
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

  • CVE-2025-9435Jan 13, 2026
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module

  • CVE-2025-11670Dec 15, 2025
    risk 0.00cvss epss 0.00

    Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.  This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

  • CVE-2025-10020Oct 21, 2025
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.

  • CVE-2025-9428Oct 21, 2025
    risk 0.00cvss epss 0.25

    Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.

  • CVE-2025-41444Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

  • CVE-2025-36528Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

  • CVE-2025-27709Jun 9, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

  • CVE-2025-41403May 22, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

  • CVE-2025-3836May 22, 2025
    risk 0.00cvss epss 0.05

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

  • CVE-2025-3834May 14, 2025
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.

  • CVE-2024-49574Nov 18, 2024
    risk 0.00cvss epss 0.02

    Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

  • CVE-2024-10839Nov 8, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

  • CVE-2024-36485Nov 4, 2024
    risk 0.00cvss epss 0.01

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

Page 1 of 2