ManageEngine Applications Manager
by Zohocorp
CVEs (30)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-19800 | 0.01 | — | 0.04 | Feb 6, 2020 | Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. |
| CVE-2019-19650 | 0.01 | — | 0.06 | Dec 11, 2019 | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. |
| CVE-2025-9787 | 0.00 | — | 0.01 | Dec 18, 2025 | Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. |
| CVE-2025-6239 | 0.00 | — | 0.01 | Oct 21, 2025 | Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor. |
| CVE-2024-41140 | 0.00 | — | 0.01 | Jan 29, 2025 | Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. |
| CVE-2024-5678 | 0.00 | — | 0.03 | Aug 1, 2024 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. |
| CVE-2023-38333 | 0.00 | — | 0.02 | Aug 10, 2023 | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. |
| CVE-2023-29442 | 0.00 | — | 0.09 | Apr 26, 2023 | Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. |
| CVE-2020-35765 | 0.00 | — | 0.27 | Feb 5, 2021 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. |
| CVE-2017-11740 | 0.00 | — | 0.03 | May 23, 2019 | In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the… |