Vendor CVEs
ManageEngine
All CVEs
296 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27709 | | | 0.00 | — | 0.01 | | Jun 9, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
| CVE-2025-3835 | | | 0.00 | — | 0.02 | | Jun 9, 2025 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
| CVE-2025-41407 | | | 0.00 | — | 0.01 | | May 23, 2025 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. |
| CVE-2025-41403 | | | 0.00 | — | 0.01 | | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. |
| CVE-2025-3836 | | | 0.00 | — | 0.05 | | May 22, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. |
| CVE-2025-3444 | | | 0.00 | — | 0.01 | | May 22, 2025 | Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. |
| CVE-2025-3834 | | | 0.00 | — | 0.01 | | May 14, 2025 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. |
| CVE-2025-3833 | | | 0.00 | — | 0.28 | | May 14, 2025 | Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports. |
| CVE-2024-50053 | | | 0.00 | — | 0.01 | | Mar 21, 2025 | Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. |
| CVE-2025-1723 | | | 0.00 | — | 0.01 | | Mar 3, 2025 | Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug. |
| CVE-2024-9097 | | | 0.00 | — | 0.01 | | Feb 5, 2025 | ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. |
| CVE-2024-41140 | | | 0.00 | — | 0.01 | | Jan 29, 2025 | Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. |
| CVE-2024-52323 | | | 0.00 | — | 0.01 | | Nov 27, 2024 | Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. |
| CVE-2024-49574 | | | 0.00 | — | 0.02 | | Nov 18, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. |
| CVE-2024-10203 | | | 0.00 | — | 0.00 | | Nov 7, 2024 | Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. |
| CVE-2024-9459 | | | 0.00 | — | 0.02 | | Nov 5, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. |
| CVE-2024-36485 | | | 0.00 | — | 0.01 | | Nov 4, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. |
| CVE-2024-48878 | | | 0.00 | — | 0.01 | | Nov 4, 2024 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. |
| CVE-2024-5608 | | | 0.00 | — | 0.01 | | Oct 24, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. |
| CVE-2024-38868 | | | 0.00 | — | 0.01 | | Aug 30, 2024 | Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices. This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 |
| CVE-2024-6204 | | | 0.00 | — | 0.02 | | Aug 30, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module. |
| CVE-2024-5546 | | | 0.00 | — | 0.03 | | Aug 28, 2024 | Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. |
| CVE-2024-41150 | | | 0.00 | — | 0.01 | | Aug 23, 2024 | A Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus:… |
| CVE-2024-38869 | | | 0.00 | — | 0.01 | | Aug 23, 2024 | Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations. This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. |
| CVE-2024-5586 | | | 0.00 | — | 0.05 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. |
| CVE-2024-5556 | | | 0.00 | — | 0.05 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. |
| CVE-2024-5490 | | | 0.00 | — | 0.04 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. |
| CVE-2024-36514 | | | 0.00 | — | 0.04 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. |
| CVE-2024-36515 | | | 0.00 | — | 0.05 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard. |
| CVE-2024-36516 | | | 0.00 | — | 0.04 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard. |
| CVE-2024-36517 | | | 0.00 | — | 0.05 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. |
| CVE-2024-5467 | | | 0.00 | — | 0.05 | | Aug 23, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. |
| CVE-2024-36034 | | | 0.00 | — | 0.07 | | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option. |
| CVE-2024-36035 | | | 0.00 | — | 0.07 | | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. |
| CVE-2024-36518 | | | 0.00 | — | 0.03 | | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard. |
| CVE-2024-5487 | | | 0.00 | — | 0.05 | | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option. |
| CVE-2024-5527 | | | 0.00 | — | 0.05 | | Aug 12, 2024 | Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. |
| CVE-2024-5678 | | | 0.00 | — | 0.03 | | Aug 1, 2024 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. |
| CVE-2024-38872 | | | 0.00 | — | 0.03 | | Jul 26, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. |
| CVE-2024-38871 | | | 0.00 | — | 0.03 | | Jul 26, 2024 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. |
| CVE-2024-27311 | | | 0.00 | — | 0.01 | | Jul 17, 2024 | Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. |
| CVE-2024-27313 | | | 0.00 | — | 0.01 | | May 29, 2024 | Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. |
| CVE-2024-36037 | | | 0.00 | — | 0.00 | | May 27, 2024 | Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. |
| CVE-2024-36036 | | | 0.00 | — | 0.00 | | May 27, 2024 | Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and modifying the agent configuration. |
| CVE-2024-27310 | | | 0.00 | — | 0.02 | | May 27, 2024 | Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. |
| CVE-2024-27314 | | | 0.00 | — | 0.02 | | May 27, 2024 | Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users. |
| CVE-2024-21791 | | | 0.00 | — | 0.02 | | May 22, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. |
| CVE-2023-49335 | | | 0.00 | — | 0.03 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. |
| CVE-2023-49334 | | | 0.00 | — | 0.03 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. |
| CVE-2023-49333 | | | 0.00 | — | 0.03 | | May 20, 2024 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. |
Page 4 of 6