zohocorp manageengine adaudit plus
53 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-41444
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
8.3
HIGH
CVE-2025-36528
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditi
8.3
HIGH
CVE-2025-27709
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Au
8.3
HIGH
CVE-2025-41407
< 8.5
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
8.3
HIGH
CVE-2025-36527
< 8.5
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
8.3
HIGH
CVE-2025-41403
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service a
8.3
HIGH
CVE-2025-3836
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggr
8.3
HIGH
CVE-2025-3834
< 8.5
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History rep
8.1
HIGH
CVE-2024-49574
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
8.3
HIGH
CVE-2024-36485
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
8.3
HIGH
CVE-2024-5608
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
8.3
HIGH
CVE-2024-5586
<= 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts
8.3
HIGH
CVE-2024-5556
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
8.3
HIGH
CVE-2024-5490
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports o
8.3
HIGH
CVE-2024-5467
<= 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout rep
8.3
HIGH
CVE-2024-36517
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
8.3
HIGH
CVE-2024-36516
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: Th
8.3
HIGH
CVE-2024-36515
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: Th
8.3
HIGH
CVE-2024-36514
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option
8.3
HIGH
CVE-2024-5527
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configurati
8.3
HIGH
CVE-2024-5487
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's
8.3
HIGH
CVE-2024-36518
< 8.1
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's
8.3
HIGH
CVE-2024-36035
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
8.3
HIGH
CVE-2024-36034
< 8.0
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search
8.3
HIGH
CVE-2024-36037
< 7.2
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recording
5.5
MEDIUM
CVE-2024-36036
< 7.2
Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive informati
4.2
MEDIUM
CVE-2024-21791
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot e
4.7
MEDIUM
CVE-2023-49335
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
8.3
HIGH
CVE-2023-49334
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
8.3
HIGH
CVE-2023-49333
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
8.3
HIGH
CVE-2023-49332
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
8.3
HIGH
CVE-2023-49331
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
8.3
HIGH
CVE-2023-49330
< 7.2
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
8.3
HIGH
CVE-2024-0269
< 7.2
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown.
8.3
HIGH
CVE-2024-0253
< 7.2
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
8.3
HIGH
CVE-2023-48793
< 7.2
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
9.8
CRITICAL
CVE-2023-48792
< 7.2
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
9.8
CRITICAL
CVE-2023-50785
all versions
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.
2.7
LOW
CVE-2023-6105
< 7.2
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed.
5.5
MEDIUM
CVE-2023-35785
< 7.2
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset
8.1
HIGH
CVE-2023-32783
all versions
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or r
7.5
HIGH
CVE-2023-37308
< 7.0
Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.
5.4
MEDIUM
CVE-2022-47966
< 7.0
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of
9.8
CRITICAL
CVE-2022-29457
< 7.0.0
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM
8.8
HIGH
CVE-2022-28219
<= 6.0
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Exec
9.8
CRITICAL
CVE-2022-24978
<= 6.0
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a
8.8
HIGH
CVE-2021-42847
< 7.0
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
9.8
CRITICAL
CVE-2020-24786
<= 5.1
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSe
9.8
CRITICAL
CVE-2020-11532
< 6.0.3
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. T
9.8
CRITICAL
CVE-2020-11531
< 6.0.1
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schem
8.8
HIGH
CVE-2018-19118
< 5.1
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow)
7.5
HIGH
CVE-2018-10466
< 5.0.0
Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.
9.8
CRITICAL
CVE-2010-2049
all versions
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allow
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin