cvebase

Zohocorp ManageEngine ADManager Plus vulnerabilities

53 known vulnerabilities affecting zohocorp/manageengine_admanager_plus.

Total CVEs: 53
CISA KEV: 1 (actively exploited)
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 22, HIGH 15, MEDIUM 16

Vulnerabilities

Page 3 of 3
CVE-2025-9435 | P4 | MEDIUM | CVSS 5.5 | fixed in 7.2 | v7.2 +1 more | 2026-01-13
CVE-2025-9435 [MEDIUM] CWE-22: Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module
nvd
CVE-2023-39912 | P4 | MEDIUM | CVSS 4.9 | fixed in 7.2 | v7.2 | 2023-08-31
CVE-2023-39912 [MEDIUM] CWE-22: Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
nvd
CVE-2021-37922 | P4 | MEDIUM | CVSS 5.3 | fixed in 7.1 | v7.1 | 2021-10-07
CVE-2021-37922 [MEDIUM] CWE-22: Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
nvd
CVE-2023-41904 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.2 | v7.2 | 2023-09-27
CVE-2023-41904 [MEDIUM] CWE-287: Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
nvd
CVE-2021-37420 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.1 | v6.1 | 2021-09-21
CVE-2021-37420 [MEDIUM] CWE-306: Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
nvd
CVE-2023-35786 | P4 | MEDIUM | CVSS 4.9 | fixed in 7.1 | v7.1 | 2023-07-05
CVE-2023-35786 [MEDIUM] CWE-611: Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
nvd
CVE-2023-6105 | P4 | MEDIUM | CVSS 5.5 | fixed in 7.2 | v7.2 | 2023-11-15
CVE-2023-6105 [MEDIUM] CWE-200: An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine pr
nvd
CVE-2021-36772 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.1 | v7.1 | 2021-07-17
CVE-2021-36772 [MEDIUM] CWE-79: Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
nvd
CVE-2020-35594 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.0 | v7.0 | 2021-03-05
CVE-2020-35594 [MEDIUM] CWE-79: Zoho ManageEngine ADManager Plus before 7066 allows XSS.
nvd
CVE-2021-36771 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.1 | v7.1 | 2021-07-17
CVE-2021-36771 [MEDIUM] CWE-79: Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
nvd
CVE-2025-11670 | P4 | MEDIUM | CVSS 4.3 | fixed in 8.0 | v8.0 +1 more | 2025-12-15
CVE-2025-11670 [MEDIUM] CWE-200: Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
nvd
CVE-2015-1026 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.2 | 2015-03-11
CVE-2015-1026 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
nvd
CVE-2010-5050 | P4 | MEDIUM | CVSS 4.3 | v4.4.0 | 2011-11-23
CVE-2010-5050 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd