Zohocorp: Security Vulnerabilities
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVSS Score
8.5
EPSS Score
0.009
Published
2025-10-21
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVSS Score
8.3
EPSS Score
0.002
Published
2025-10-21
Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-10-21
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-10-21
ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.
This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
CVSS Score
3.9
EPSS Score
0.0
Published
2025-09-25
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-07-23
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-06-26
Zohocorp ManageEngine Exchange reporter Plus version 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-06-26
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-06-09
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-06-09