Zohocorp Analytics Plus vulnerabilities

2 known vulnerabilities affecting zohocorp/analytics_plus.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2

Vulnerabilities

Page 1 of 1

CVE-2025-9428HIGHCVSS 8.8≤ 61712025-10-21

CVE-2025-9428 [HIGH] CWE-89 CVE-2025-9428: Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Inj Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.

CVE-2025-1724HIGHCVSS 7.4fixed in 61302025-03-17

CVE-2025-1724 [HIGH] CWE-798 CVE-2025-1724: Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vu Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.