cbcvebase.

Zohocorp Manageengine Exchange Reporter Plus vulnerabilities

28 known vulnerabilities affecting zohocorp/manageengine_exchange_reporter_plus.

Total CVEs
28
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH10MEDIUM16

Vulnerabilities

Page 1 of 2
CVE-2022-29457P2HIGHCVSS 8.8PoCfixed in 5.7v5.72022-04-18
CVE-2022-29457 [HIGH] CWE-522 CVE-2022-29457: Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
nvd
CVE-2020-24786P2CRITICALCVSS 9.8≤ 5.4v5.52020-08-31
CVE-2020-24786 [CRITICAL] CWE-287 CVE-2020-24786: An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365
nvd
CVE-2025-3835P2CRITICALCVSS 9.6fixed in 5.7v5.72025-06-09
CVE-2025-3835 [CRITICAL] CWE-434 CVE-2025-3835: Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code e Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
nvd
CVE-2024-9459P3HIGHCVSS 8.8fixed in 5.7v5.72024-11-05
CVE-2024-9459 [HIGH] CWE-89 CVE-2024-9459: Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
nvd
CVE-2024-21775P3HIGHCVSS 8.8fixed in 5.7v5.72024-02-16
CVE-2024-21775 [HIGH] CWE-89 CVE-2024-21775: Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.
nvd
CVE-2024-38871P3HIGHCVSS 8.8fixed in 5.7v5.72024-07-26
CVE-2024-38871 [HIGH] CWE-89 CVE-2024-38871: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authentic Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
nvd
CVE-2024-38872P3HIGHCVSS 8.8fixed in 5.7v5.72024-07-26
CVE-2024-38872 [HIGH] CWE-89 CVE-2024-38872: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authentic Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
nvd
CVE-2024-6204P3HIGHCVSS 8.1fixed in 5.7v5.72024-08-30
CVE-2024-6204 [HIGH] CWE-89 CVE-2024-6204: Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.
nvd
CVE-2023-35785P3HIGHCVSS 8.1fixed in 5.7v5.72023-08-28
CVE-2023-35785 [HIGH] CWE-287 CVE-2023-35785: Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManag Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360
nvd
CVE-2023-22624P3HIGHCVSS 7.5fixed in 5.7v5.72023-01-17
CVE-2023-22624 [HIGH] CWE-611 CVE-2023-22624: Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
nvd
CVE-2025-5366P3HIGHCVSS 8.1fixed in 5.7v5.72025-06-26
CVE-2025-5366 [HIGH] CWE-79 CVE-2025-5366: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
nvd
CVE-2025-5966P3HIGHCVSS 8.1fixed in 5.7v5.72025-06-26
CVE-2025-5966 [HIGH] CWE-79 CVE-2025-5966: Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
nvd
CVE-2025-5342P4MEDIUMCVSS 6.5fixed in 5.7v5.7+1 more2025-10-30
CVE-2025-5342 [MEDIUM] CWE-400 CVE-2025-5342: Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in t Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module.
nvd
CVE-2025-7633P4MEDIUMCVSS 6.1≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7633 [MEDIUM] CWE-79 CVE-2025-7633: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
nvd
CVE-2026-4107P4MEDIUMCVSS 5.4fixed in 5.8v5.8+1 more2026-04-03
CVE-2026-4107 [MEDIUM] CWE-79 CVE-2026-4107: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Fo Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.
nvd
CVE-2025-7429P4MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7429 [MEDIUM] CWE-79 CVE-2025-7429: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
nvd
CVE-2025-7632P4MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7632 [MEDIUM] CWE-79 CVE-2025-7632: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
nvd
CVE-2023-6105P4MEDIUMCVSS 5.5fixed in 5.7v5.72023-11-15
CVE-2023-6105 [MEDIUM] CWE-200 CVE-2023-6105: An information disclosure vulnerability exists in multiple ManageEngine products that can result in An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine pr
nvd
CVE-2025-7430P4MEDIUMCVSS 5.4≤ 5.6v5.7+1 more2025-11-11
CVE-2025-7430 [MEDIUM] CWE-79 CVE-2025-7430: Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XS Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
nvd
CVE-2025-5347P4MEDIUMCVSS 5.4fixed in 5.7v5.7+1 more2025-10-30
CVE-2025-5347 [MEDIUM] CWE-79 CVE-2025-5347: Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Sit Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.
nvd
Zohocorp Manageengine Exchange Reporter Plus vulnerabilities | cvebase