Manageengine admanager plus
This hub aggregates every CVE we track for Manageengine admanager plus, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
53
CVEs tracked
22
Critical
15
High
1
In CISA KEV
Severity distribution
CRITICAL22MEDIUM16HIGH15
Monthly trend
0
0
0
0
2
0
0
0
0
0
0
0
0
0
0
1
0
1
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Manageengine admanager plus.
- CVE-2025-9435Path Traversal5.5
- CVE-2025-11670NTLM Hash Exposure Vulnerability6.4
- CVE-2025-10020Command Injection8.5
- CVE-2024-24409Privilege Escalation8.8
- CVE-2024-48878SQL Injection8.3
- CVE-2023-6105ManageEngine Information Disclosure in Multiple Products5.5
- CVE-2023-41904Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.5.4
- CVE-2023-38743Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.7.2
- CVE-2023-39912Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.4.9
- CVE-2023-35785Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plu...8.1
- CVE-2023-31492Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.6.5
- CVE-2023-38332Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.6.5
- CVE-2023-35786Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.4.9
- CVE-2023-29084Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.7.2
- CVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because ...KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works