Zohocorp ManageEngine Applications Manager vulnerabilities
57 known vulnerabilities affecting zohocorp/manageengine_applications_manager.
Total CVEs: 57
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 19, MEDIUM 19
Vulnerabilities
Page 3 of 3
CVE-2025-6239 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 17.6 | v17.6 +1 more | 2025-10-21
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
nvd
CVE-2019-19799 | P3 | MEDIUM | CVSS 5.3 | CWE-306 | fixed in 14.5 | v14.5 | 2020-03-13
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
nvd
CVE-2023-28340 | P3 | MEDIUM | CVSS 6.5 | CWE-611 | fixed in 16.3 | v16.3 | 2023-04-11
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
nvd
CVE-2024-41140 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 17.0 | ≥ 17.1, < 17.3 +2 more | 2025-01-29
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
nvd
CVE-2019-19800 | P3 | MEDIUM | CVSS 5.3 | CWE-306 | v14.0 | 2020-02-06
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
nvd
CVE-2023-29442 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 16.3 | v16.3 | 2023-04-26
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
nvd
CVE-2021-35512 | P4 | MEDIUM | CVSS 6.5 | CWE-918 | v15.2 | 2021-10-21
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
nvd
CVE-2017-11557 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | v12.3 | 2019-05-23
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
nvd
CVE-2025-9787 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 17.4, < 17.7 | v17.3 +2 more | 2025-12-18
Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view.
nvd
CVE-2024-5678 | P4 | MEDIUM | CVSS 4.7 | CWE-89 | fixed in 16.8 | v16.8 +1 more | 2024-08-01
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
nvd
CVE-2016-9491 | P4 | MEDIUM | CVSS 4.9 | CWE-611 | v12.0, v13.0 | 2018-07-13
ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administra
nvd
CVE-2017-11739 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v13.1 | 2019-05-23
In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this fun
nvd
CVE-2018-12996 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 13 | 2018-06-29
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.
nvd
CVE-2023-38333 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 16.5 | v16.5 | 2023-08-10
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
nvd
CVE-2020-15521 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 14.0 | v14.0 | 2020-09-25
Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS).
nvd
CVE-2025-27930 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 17.6 | v17.6 | 2025-07-23
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
nvd
CVE-2018-15169 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 13.13820 | 2018-08-08
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
nvd