Zohocorp ManageEngine ADManager Plus vulnerabilities
53 known vulnerabilities affecting zohocorp/manageengine_admanager_plus.
Total CVEs: 53
CISA KEV: 1 (actively exploited)
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 22, HIGH 15, MEDIUM 16
Vulnerabilities
Page 2 of 3
CVE-2021-42002 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-11-11
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
nvd
CVE-2021-37761 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 7.1 | v7.1 | 2021-09-27
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
nvd
CVE-2025-10020 | P2 | HIGH | CVSS 8.8 | CWE-77 | fixed in 8.0 | v8.0 +1 more | 2025-10-21
Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to authenticated command injection in the Custom Script component.
nvd
CVE-2023-31492 | P3 | MEDIUM | CVSS 6.5 | CWE-522 | PoC | fixed in 7.1 | v7.1 | 2023-08-17
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
nvd
CVE-2020-24786 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | ≤ 6.6 | v7.0 | 2020-08-31
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365
nvd
CVE-2021-37762 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 7.1 | v7.1 | 2021-10-07
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
nvd
CVE-2021-33911 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.1 | v7.1 | 2021-07-17
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
nvd
CVE-2018-15740 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | v6.5.7 | 2018-08-28
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
nvd
CVE-2018-19374 | P3 | HIGH | CVSS 7.0 | CWE-732 | PoC | v6.6 | 2019-04-30
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
nvd
CVE-2021-37741 | P3 | HIGH | CVSS 8.8 | CWE-434 | fixed in 7.1 | v7.1 | 2021-09-21
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.
nvd
CVE-2024-48878 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 7.2 | v7.2 | 2024-11-04
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
nvd
CVE-2021-37424 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.1 | v6.1 | 2021-09-21
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
nvd
CVE-2021-37927 | P3 | CRITICAL | CVSS 9.8 | CWE-347 | fixed in 7.1 | v7.1 | 2021-09-22
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
nvd
CVE-2023-35785 | P3 | HIGH | CVSS 8.1 | CWE-287 | fixed in 7.2 | v7.2 | 2023-08-28
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360
nvd
CVE-2022-42904 | P3 | HIGH | CVSS 7.2 | CWE-77 | fixed in 7.1 | v7.1 | 2022-11-18
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
nvd
CVE-2021-38298 | P3 | CRITICAL | CVSS 9.8 | CWE-611 | fixed in 7.1 | v7.1 | 2021-10-07
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
nvd
CVE-2017-17552 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 6.6 | v6.6 | 2018-02-07
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
nvd
CVE-2021-37419 | P3 | HIGH | CVSS 7.5 | CWE-918 | fixed in 6.1 | v6.1 | 2021-09-21
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
nvd
CVE-2019-12876 | P3 | HIGH | CVSS 7.3 | CWE-732 | v6.6.5 | 2019-07-17
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
nvd
CVE-2023-38332 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.2 | v7.2 | 2023-08-04
Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure.
nvd