Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3836

Summary
Assigner-Zohocorp
Assigner Org ID-0fc0942c-577d-436f-ae8e-945763c79b02
Published At-22 May, 2025 | 10:38
Updated At-22 May, 2025 | 18:21
Rejected At-
Credits

SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zohocorp
Assigner Org ID:0fc0942c-577d-436f-ae8e-945763c79b02
Published At:22 May, 2025 | 10:38
Updated At:22 May, 2025 | 18:21
Rejected At:
▼CVE Numbering Authority (CNA)
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

Affected Products
Vendor
ManageEngine (Zoho Corporation Pvt. Ltd.)ManageEngine
Product
ADAudit Plus
Default Status
unaffected
Versions
Affected
  • From 0 before 8511 (6514)
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html
N/A
Hyperlink: https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:0fc0942c-577d-436f-ae8e-945763c79b02
Published At:22 May, 2025 | 11:15
Updated At:16 Jun, 2025 | 15:15

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.3HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CPE Matches
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>Versions before 8.5(exclusive)
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>8.5
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.5:-:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>8.5
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.5:8500:*:*:*:*:*:*
Zoho Corporation Pvt. Ltd.
zohocorp
>>manageengine_adaudit_plus>>8.5
cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.5:8510:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary0fc0942c-577d-436f-ae8e-945763c79b02
CWE ID: CWE-89
Type: Secondary
Source: 0fc0942c-577d-436f-ae8e-945763c79b02
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html0fc0942c-577d-436f-ae8e-945763c79b02
Vendor Advisory
Hyperlink: https://www.manageengine.com/products/active-directory-audit/cve-2025-3836.html
Source: 0fc0942c-577d-436f-ae8e-945763c79b02
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

111Records found
CVE-2024-38871
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:29
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36517
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:34
Updated-27 Aug, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36514
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36516
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:36
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36034
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:23
Updated-16 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36035
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:19
Updated-16 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38872
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 17:30
Updated-11 Sep, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36518
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.59% / 87.29%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:13
Updated-21 Nov, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36485
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 11:13
Updated-07 Nov, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-21775
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.62% / 69.23%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 14:35
Updated-26 Nov, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusexchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0269
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 13:05
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0253
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 12:50
Updated-01 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41444
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:14
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49332
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:45
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49330
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.29% / 51.62%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 12:19
Updated-12 May, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49331
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:35
Updated-09 May, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49333
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:51
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49335
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.08% / 24.40%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-49334
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.15% / 36.78%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:55
Updated-09 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41407
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.81%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 10:29
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-41403
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 10:39
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-36528
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:12
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-36527
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.03% / 5.81%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 10:28
Updated-16 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27709
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.07% / 23.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:04
Updated-16 Jun, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9459
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-1.29% / 78.86%
||
7 Day CHG+0.25%
Published-05 Nov, 2024 | 05:44
Updated-06 Nov, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusmanageengine_exchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6748
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.45% / 62.73%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 16:20
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-OpManagermanageengine_opmanager_mspmanageengine_opmanagermanageengine_opmanager_rmmmanageengine_opmanager_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6204
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.78% / 72.65%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 17:10
Updated-19 Sep, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection

Zohocorp ManageEngine Exchange Reporter Plus versions before 5715 are vulnerable to SQL Injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_exchange_reporter_plusExchange Reporter Plusmanageengine_exchange_reporter_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5586
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:54
Updated-27 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5556
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:52
Updated-27 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5608
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 11:42
Updated-26 Nov, 2024 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5490
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:44
Updated-27 Aug, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5487
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.23%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 07:04
Updated-16 Aug, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5527
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.94% / 89.23%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 05:31
Updated-16 Aug, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5546
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG+1.05%
Published-28 Aug, 2024 | 08:44
Updated-19 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_password_manager_promanageengine_pam360Password Manager ProPAM360pam360password_manager_pro
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5467
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:28
Updated-27 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49574
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.81% / 73.30%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 07:55
Updated-26 Nov, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusmanageengine_adaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-48878
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 10:56
Updated-05 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_admanager_plusADManager Plusmanageengine_admanager_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36515
Matching Score-10
Assigner-ManageEngine
ShareView Details
Matching Score-10
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 13:37
Updated-27 Aug, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusADAudit Plusadaudit_plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38869
Matching Score-8
Assigner-ManageEngine
ShareView Details
Matching Score-8
Assigner-ManageEngine
CVSS Score-8.3||HIGH
EPSS-0.08% / 24.86%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 14:07
Updated-30 Aug, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusmanageengine_supportcenter_plusmanageengine_servicedesk_plus_mspEndpoint Centralmanageengine_endpoint_central
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10466
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.31% / 92.88%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_adaudit_plusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-16267
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.00%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 19:02
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15533
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.45% / 93.32%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 18:44
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15394
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-31.37% / 96.62%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 06:11
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-47523
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-59.12% / 98.15%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_access_manager_plusmanageengine_password_manager_promanageengine_pam360n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11738
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.14% / 77.56%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:29
Updated-05 Aug, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11559
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.93% / 91.68%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:09
Updated-05 Aug, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43672
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-62.47% / 98.30%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_access_manager_plusmanageengine_pam360manageengine_password_manager_pron/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-43671
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-62.47% / 98.30%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_access_manager_plusmanageengine_pam360manageengine_password_manager_pron/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-9488
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-5.65% / 90.00%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 14:00
Updated-06 Aug, 2024 | 02:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-applications_managerApplications Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-40300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-46.10% / 97.56%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 22:47
Updated-13 Jan, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_password_manager_promanageengine_pam360manageengine_access_manager_plusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found