zohocorp manageengine admanager plus

55 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

| CVE | Affected versions | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2025-9435 | < 7.2 | Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module | 5.5 | MEDIUM |
| CVE-2025-11670 | < 8.0 | Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitab | 6.4 | MEDIUM |
| CVE-2025-10020 | < 8.0 | Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to authenticated command injection vulnerability in the Cu | 8.5 | HIGH |
| CVE-2024-24409 | all versions | Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers opti | 8.8 | HIGH |
| CVE-2024-48878 | < 7.2 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | 8.3 | HIGH |
| CVE-2023-6105 | < 7.2 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. | 5.5 | MEDIUM |
| CVE-2023-41904 | < 7.2 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 | MEDIUM |
| CVE-2023-38743 | < 7.2 | Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. | 7.2 | HIGH |
| CVE-2023-39912 | < 7.2 | Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this p | 4.9 | MEDIUM |
| CVE-2023-35785 | < 7.2 | Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset | 8.1 | HIGH |
| CVE-2023-31492 | < 7.1 | Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorize | 6.5 | MEDIUM |
| CVE-2023-38332 | < 7.2 | Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive informat | 6.5 | MEDIUM |
| CVE-2023-35786 | < 7.1 | Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. | 4.9 | MEDIUM |
| CVE-2023-29084 | < 7.1 | Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | 7.2 | HIGH |
| CVE-2022-47966 | < 7.1 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of | 9.8 | CRITICAL |
| CVE-2022-42904 | < 7.1 | Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | 7.2 | HIGH |
| CVE-2022-29457 | < 7.1 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM | 8.8 | HIGH |
| CVE-2021-42002 | < 7.1 | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. | 9.8 | CRITICAL |
| CVE-2021-20131 | < 7.1 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly valida | 8.8 | HIGH |
| CVE-2021-20130 | < 7.1 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly valida | 8.8 | HIGH |
| CVE-2021-38298 | < 7.1 | Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE. | 9.8 | CRITICAL |
| CVE-2021-37931 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37930 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37929 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37928 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37926 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37924 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37923 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37922 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one dir | 5.3 | MEDIUM |
| CVE-2021-37921 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37920 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37919 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37918 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37762 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37761 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code executio | 9.8 | CRITICAL |
| CVE-2021-37539 | < 7.1 | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution. | 9.8 | CRITICAL |
| CVE-2021-37927 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | 9.8 | CRITICAL |
| CVE-2021-37925 | < 7.1 | Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | 9.8 | CRITICAL |
| CVE-2021-37741 | < 7.1 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. | 8.8 | HIGH |
| CVE-2021-37424 | < 6.1 | ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | 9.8 | CRITICAL |
| CVE-2021-37420 | < 6.1 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | 6.5 | MEDIUM |
| CVE-2021-37419 | < 6.1 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | 7.5 | HIGH |
| CVE-2021-36772 | < 7.1 | Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | 6.1 | MEDIUM |
| CVE-2021-36771 | < 7.1 | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | 6.1 | MEDIUM |
| CVE-2021-33911 | < 7.1 | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution. | 9.8 | CRITICAL |
| CVE-2020-35594 | < 7.0 | Zoho ManageEngine ADManager Plus before 7066 allows XSS. | 6.1 | MEDIUM |
| CVE-2020-24786 | <= 6.6 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSe | 9.8 | CRITICAL |
| CVE-2019-12876 | all versions | Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to | 7.3 | HIGH |
| CVE-2018-19374 | all versions | Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse f | 7.0 | HIGH |
| CVE-2018-15740 | all versions | Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 6.1 | MEDIUM |
| CVE-2018-15608 | all versions | Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | 6.1 | MEDIUM |
| CVE-2017-17552 | < 6.6 | /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src | 8.8 | HIGH |
| CVE-2015-1026 | <= 6.2 | Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attacke | | |
| CVE-2012-1049 | all versions | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject | | |
| CVE-2010-5050 | all versions | Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote at | | |

threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin