manageengine Latest Vulnerabilities

November 27

Zohocorp ManageEngine Analytics Plus Vulnerable to Authenticated Sensitive Data Exposure

CVE-2024-52323
ManageengineAnalytics Plus8.1HIGH

November 18

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE-2024-49574
ManageengineAdaudit Plus8.3HIGH

November 8

ManageEngine SharePoint Manager Plus vulnerable to XML External Entity (XXE) attack

CVE-2024-10839
ManageengineSharepoint Manager Plus8.1HIGH

Privilege Escalation Vulnerability in ADManager Plus

CVE-2024-24409
ManageengineAdmanager Plus8.8HIGH

November 7

Arbitrary File Deletion Vulnerability in EndPoint Central Agents

CVE-2024-10203
ManageengineEndpoint Central7HIGH

November 5

Zohocorp ManageEngine Exchange Reporter Plus vulnerable to SQL Injection

CVE-2024-9459
ManageengineExchange Reporter Plus8.8HIGH

November 4

SQL Injection Vulnerability in Technician Reports Option

CVE-2024-36485
ManageengineAdaudit Plus8.8HIGH

October 24

Zohocorp ADAudit Plus Vulnerable to SQL Injection in Technician Reports

CVE-2024-5608
ManageengineAdaudit Plus8.1HIGH

August 30

Incorrect Authorization Vulnerability Affects Zohocorp's Endpoint Central

CVE-2024-38868
ManageengineEndpoint Central8.3HIGH

August 28

Zohocorp Password Manager Pro vulnerable to SQL Injection via Global Search Option

CVE-2024-5546
ManageenginePassword Manager Pro8.8HIGH

August 23

Stored Cross-site Scripting vulnerability in ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus

CVE-2024-41150
ManageengineServicedesk Plus6.1MEDIUM

Stored Cross-site Scripting vulnerability affects Zohocorp ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus

CVE-2024-38869
ManageengineEndpoint Central5.4MEDIUM

Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection

CVE-2024-5586
ManageengineAdaudit Plus8.8HIGH

Zohocorp ADAudit Plus Vulnerable to Authenticated SQL Injection

CVE-2024-5556
ManageengineAdaudit Plus8.8HIGH

Zohocorp ADAudit Plus Critical Vulnerability Could Lead to SQL Injection

CVE-2024-5490
ManageengineAdaudit Plus8.8HIGH

Authenticated SQL Injection Vulnerability in ManageEngine ADAudit Plus Below Version 8000

CVE-2024-36514
ManageengineAdaudit Plus8.8HIGH

ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection

CVE-2024-36515
ManageengineAdaudit Plus8.8HIGH

Zohocorp ADAudit Plus Versions Below 8000 Vulnerable to Authenticated SQL Injection

CVE-2024-36516
ManageengineAdaudit Plus8.8HIGH

Zohocorp ManageEngine ADAudit Plus vulnerable to SQL injection

CVE-2024-36517
ManageengineAdaudit Plus8.8HIGH

Zohocorp ManageEngine ADAudit Plus Versions Below 8121 Vulnerable to Authenticated SQL Injection

CVE-2024-5467
ManageengineAdaudit Plus8.8HIGH

ManageEngine OpManager Vulnerable to Remote Code Execution

CVE-2024-5466
ManageengineOpmanager, Remote Moni...8.8HIGH

August 12

Zohocorp ADAudit Plus Vulnerability: Authenticated SQL Injection in Aggregate Reports' Search Option

CVE-2024-36034
ManageengineAdaudit Plus8.8HIGH

Zohocorp ManageEngine ADAudit Plus vulnerable to authenticated SQL Injection

CVE-2024-36035
ManageengineAdaudit Plus8.8HIGH

Vulnerability in ManageEngine ADAudit Plus

CVE-2024-36518
ManageengineAdaudit Plus8.3HIGH

Zohocorp ManageEngine ADAudit Plus vulnerable to SQL Injection

CVE-2024-5487
ManageengineAdaudit Plus8.8HIGH

{"value":"Zohocorp ManageEngine ADAudit Plus Vulnerable to Authenticated SQL Injection in File Auditing Configuration","type":"short"}

CVE-2024-5527
ManageengineAdaudit Plus8.8HIGH

August 1

{"name":"Zohocorp Applications Manager vulnerable to SQL Injection"}

CVE-2024-5678
ManageengineApplications Manager4.7MEDIUM

July 17

ManageEngine OpManager vulnerable to Stored XSS vulnerability

CVE-2024-38870
ManageengineOpmanager, Opmanager P...3.5LOW

Agent Takeover Vulnerability in DDI Central Versions 4001 and Prior

CVE-2024-5471
ManageengineDdi Central9.8CRITICAL

Vulnerability in DDI Central Could Allow Directory Traversal

CVE-2024-27311
ManageengineDdi Central8.8HIGH

June 24

Zoho ManageEngine ITOM Proxy Server Cross-Site Scripting Vulnerability

CVE-2024-36038
ManageengineOpmanager6.3MEDIUM

May 29

Zoho ManageEngine PAM360 Vulnerable to Stored XSS

CVE-2024-27313
ManageenginePam3604.6MEDIUM

May 27

Unauthorized Access to Session Recordings in ADAudit Plus

CVE-2024-36037
ManageengineAdaudit Plus5.5MEDIUM

Unauthorized Access to Sensitive Information in ManageEngine ADAudit Plus

CVE-2024-36036
ManageengineAdaudit Plus4.2MEDIUM

Zoho ADSelfService Plus Vulnerable to DOS Attack

CVE-2024-27310
ManageengineAdselfservice Plus6.5MEDIUM

Zoho ServiceDesk Plus vulnerable to stored XSS

CVE-2024-27314
ManageengineServicedesk Plus, Serv...2.4LOW

May 22

SQL Injection in ADAudit Plus

CVE-2024-21791
ManageengineAdaudit Plus4.7MEDIUM

May 20

Zoho ManageEngine ADAudit Plus Vulnerability Allows SQL Injection

CVE-2023-49335
ManageengineAdaudit Plus8.3HIGH

Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection Risk in Export Function

CVE-2023-49334
ManageengineAdaudit Plus8.3HIGH

Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection in Dashboard Graph Feature

CVE-2023-49333
ManageengineAdaudit Plus8.3HIGH

Zoho ManageEngine ADAudit Plus Vulnerable to SQL Injection and File Share Attacks

CVE-2023-49332
ManageengineAdaudit Plus8.3HIGH

Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection in Aggregate Reports Search Option

CVE-2023-49331
ManageengineAdaudit Plus8.3HIGH

Low-Privileged User Can Perform Admin Actions on Zoho ManageEngine PAM360 Version 6601

CVE-2024-27312
ManageenginePam3608.1HIGH

Zoho ManageEngine ADAudit Plus Vulnerability: SQL Injection Risk

CVE-2023-49330
ManageengineAdaudit Plus8.3HIGH

February 16

Zoho ManageEngine Exchange Reporter Plus Vulnerable to Authenticated SQL Injection

CVE-2024-21775
ManageengineExchange Reporter Plus8.8HIGH

February 2

SQL Injection

CVE-2024-0269
ManageengineAdaudit Plus8.8HIGH

SQL Injection

CVE-2024-0253
ManageengineAdaudit Plus8.8HIGH

January 11

ManageEngine ADSelfService Plus Vulnerable to Remote Code Execution

CVE-2024-0252
ManageengineAdselfservice Plus8.8HIGH

January 8

ManageEngine OpManager Directory Traversal Vulnerability

CVE-2023-47211
ManageEngine8.6HIGH

November 15

ManageEngine Information Disclosure in Multiple Products

CVE-2023-6105
ManageEngineService Desk Plus5.5MEDIUM

November 3

Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

CVE-2023-4768
ManageengineDesktop Central6.1MEDIUM

Server-Side Request Forgery in ManageEngine Desktop Central

CVE-2023-4769
ManageEngineDesktop Central8.8HIGH

Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

CVE-2023-4767
ManageengineDesktop Central6.1MEDIUM

September 6

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability

CVE-2023-35719
ManageengineAdselfservice Plus6.8MEDIUM

March 30

CVE-2022-43473
ManageengineOpmanager5.8MEDIUM

September 21

CVE-2020-19554
ManageengineOpmanager6.1MEDIUM

CVE-2021-28960
ManageengineDesktop Central9.8CRITICAL

August 28

CVE-2018-15608
ManageengineAdmanager Plus6.1MEDIUM

July 13

ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects

CVE-2016-9498
ManageengineApplications Manager9.8CRITICAL

ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity

CVE-2016-9491
ManageengineApplications Manager4.9MEDIUM

ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass

CVE-2016-9489
ManageengineApplications Manager8.8HIGH

June 5

ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities

CVE-2016-9488
ManageengineApplications Manager9.8CRITICAL

ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability

CVE-2016-9490
ManageengineApplications Manager6.1MEDIUM

September 28

CVE-2015-8249
ManageengineDesktop Central9.8CRITICAL

August 28

CVE-2014-5302
ManageengineServicedesk Plus8.8HIGH

CVE-2014-5301
ManageengineServicedesk Plus8.8HIGH

February 4

CVE-2015-1480
ManageengineServicedesk Plus

December 16

CVE-2014-9372
ManageenginePassword Manager Pro

CVE-2014-9373
ManageengineNetflow Analyzer

December 5

CVE-2014-3996
ManageengineIt360

November 25

CVE-2014-8678
ManageengineOputils

November 17

CVE-2014-8499
ManageenginePassword Manager Pro

September 4

CVE-2014-5377
ManageengineDevice Expert

September 10

CVE-2012-4891
ManageengineFirewall Analyzer

CVE-2012-4889
ManageengineFirewall Analyzer

August 12

CVE-2012-2585
ManageengineServicedesk Plus

February 14

CVE-2012-1062
ManageengineApplications Manager

CVE-2012-1063
ManageengineApplications Manager

February 13

CVE-2012-1049
ManageengineAdmanager Plus

September 27

CVE-2010-4840
ManageengineEventlog Analyzer

CVE-2010-4841
ManageengineEventlog Analyzer

September 20

CVE-2011-1510
ManageengineServicedesk Plus

CVE-2011-1509
ManageengineServicedesk Plus

July 17

CVE-2011-2757
ManageengineServicedesk Plus

CVE-2011-2755
ManageengineServicedesk Plus

CVE-2011-2756
ManageengineServicedesk Plus

May 25

CVE-2010-2049
ManageengineAdaudit Plus

March 23

CVE-2010-1044
ManageengineOputils

December 22

CVE-2009-4387
ManageenginePassword Manager Pro

November 6

CVE-2009-3903
ManageengineNetflow Analyzer

June 20

CVE-2008-2797
ManageengineOputils

April 14

CVE-2008-1775
ManageengineFirewall Analyzer

March 31

CVE-2008-1566
ManageengineApplications Manager

March 28

CVE-2008-1538
ManageengineEventlog Analyzer

March 20

CVE-2008-1432
ManageengineSupportcenter Plus

March 12

CVE-2008-1299
ManageengineServicedesk Plus

January 29

CVE-2008-0475
ManageengineApplications Manager

CVE-2008-0474
ManageengineApplications Manager

CVE-2008-0476
ManageengineApplications Manager

November 8

CVE-2007-5891
ManageengineOpmanager