Zohocorp: >> Manageengine Applications Manager >> 14.6 Security Vulnerabilities
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-07-23
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-29
Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature.
CVSS Score
4.7
EPSS Score
0.006
Published
2024-08-01
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVSS Score
6.1
EPSS Score
0.069
Published
2023-08-10
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVSS Score
6.1
EPSS Score
0.045
Published
2023-04-26
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-04-11
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
CVSS Score
5.4
EPSS Score
0.203
Published
2021-07-01
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
CVSS Score
8.8
EPSS Score
0.013
Published
2021-02-05
In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
CVSS Score
9.8
EPSS Score
0.114
Published
2020-10-01
Page 1