Zohocorp Manageengine Endpoint Central vulnerabilities

8 known vulnerabilities affecting zohocorp/manageengine_endpoint_central.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4LOW1

Vulnerabilities

Page 1 of 1
CVE-2025-11248MEDIUMCVSS 4.3fixed in 11.4.2528.052025-10-27
CVE-2025-11248 [LOW] CWE-532 CVE-2025-11248: ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the sensitive agent token.
cvelistv5nvd
CVE-2025-7473MEDIUMCVSS 5.3≤ 11.4.2516.012025-10-21
CVE-2025-7473 [MEDIUM] CWE-91 CVE-2025-7473: Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injectio Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
nvd
CVE-2025-5496LOWCVSS 3.3fixed in 11.4.2508.14≥ 11.4.2510.01, < 11.4.2516.062025-10-21
CVE-2025-5496 [LOW] CWE-269 CVE-2025-5496: ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.25 ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
nvd
CVE-2025-5494HIGHCVSS 7.8fixed in 11.4.2500.26≥ 11.4.2508.01, < 11.4.2508.142025-09-25
CVE-2025-5494 [LOW] CWE-269 CVE-2025-5494: ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
nvd
CVE-2024-9097MEDIUMCVSS 4.3≥ 11.3.2428.01, < 11.3.2428.262025-02-05
CVE-2024-9097 [LOW] CWE-639 CVE-2024-9097: ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability whic ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.
nvd
CVE-2024-10203HIGHCVSS 7.8≤ 11.3.2416.21≥ 11.3.2428.01, ≤ 11.3.2428.092024-11-07
CVE-2024-10203 [HIGH] CWE-269 CVE-2024-10203: Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vu Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines.
nvd
CVE-2024-38868HIGHCVSS 8.3fixed in 11.3.2400.15≥ 11.3.2401.05, < 11.3.2406.082024-08-30
CVE-2024-38868 [HIGH] CWE-863 CVE-2024-38868: Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isola Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
nvd
CVE-2023-6105MEDIUMCVSS 5.5fixed in 11.2.2322.012023-11-15
CVE-2023-6105 [MEDIUM] CWE-200 CVE-2023-6105: An information disclosure vulnerability exists in multiple ManageEngine products that can result in An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine pr
nvd