Total 533 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29081 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-01-13 9.8 Critical
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
CVE-2022-40300 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-01-13 9.8 Critical
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVE-2024-5466 1 Zohocorp 5 Manageengine Opmanager, Manageengine Opmanager Msp, Manageengine Opmanager Plus and 2 more 2024-12-19 8.8 High
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.
CVE-2024-27310 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-27 5.3 Medium
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.
CVE-2024-27313 1 Zohocorp 1 Manageengine Pam360 2024-11-27 6.3 Medium
Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.
CVE-2024-36037 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-27 5.5 Medium
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CVE-2024-52323 1 Manageengine 1 Analytic Plus 2024-11-27 8.1 High
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
CVE-2023-31492 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-26 6.5 Medium
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
CVE-2024-21775 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-26 8.3 High
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
CVE-2024-49574 1 Zohocorp 1 Manageengine Adaudit Plus 2024-11-26 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVE-2024-5608 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-26 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
CVE-2024-27312 2 Manageengine, Zohocorp 2 Pam360, Manageengine Pam360 2024-11-25 8.1 High
Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability.
CVE-2023-35786 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-22 4.9 Medium
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
CVE-2024-36518 2 Manageengine, Zohocorp 2 Adaudit Plus, Manageengine Adaudit Plus 2024-11-21 8.3 High
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
CVE-2024-6748 2024-11-21 8.3 High
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.
CVE-2024-5471 1 Zohocorp 1 Manageengine Ddi Central 2024-11-21 8.8 High
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.
CVE-2024-38872 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
CVE-2024-38871 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
CVE-2024-38870 2024-11-21 3.5 Low
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.
CVE-2024-36038 1 Zohocorp 1 Manageengine Opmanager Plus 2024-11-21 6.3 Medium
Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option.