Zohocorp Manageengine Adaudit Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Adaudit Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-28219 — CVSS 9.8 (critical): Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVE-2020-11532 — CVSS 9.8 (critical): Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This…
CVE-2020-24786 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService…
CVE-2020-11531 — CVSS 8.8 (high): The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name…
CVE-2022-29457 — CVSS 8.8 (high): Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash…
CVE-2022-24978 — CVSS 8.8 (high): Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password…
CVE-2025-41444 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
CVE-2024-5527 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.
CVE-2024-5556 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module.
CVE-2024-5586 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option.
CVE-2024-5608 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.
CVE-2025-27709 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing…
CVE-2025-36527 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
CVE-2025-36528 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing…
CVE-2025-3836 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate…
CVE-2025-41403 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account…
CVE-2025-41407 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
CVE-2023-49330 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
CVE-2023-49331 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
CVE-2023-49332 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares.
CVE-2023-49333 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature.
CVE-2023-49334 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report.
CVE-2023-49335 — CVSS 8.3 (high): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details.
CVE-2024-0253 — CVSS 8.3 (high): ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.
CVE-2024-0269 — CVSS 8.3 (high): ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue…
CVE-2024-36034 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
CVE-2024-36035 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
CVE-2024-36485 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
CVE-2024-36514 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.
CVE-2024-36515 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This…
CVE-2024-36516 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This…
CVE-2024-36517 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.
CVE-2024-36518 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
CVE-2024-49574 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
CVE-2024-5467 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.
CVE-2024-5487 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's export…
CVE-2024-5490 — CVSS 8.3 (high): Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option.
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2025-3834 — CVSS 8.1 (high): Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
CVE-2018-19118 — CVSS 7.5 (high): Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the…
CVE-2023-32783 — CVSS 7.5 (high): The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2024-36037 — CVSS 5.5 (medium): Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings.
CVE-2024-21791 — CVSS 4.7 (medium): Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit…
CVE-2024-36036 — CVSS 4.2 (medium): Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to access sensitive information and…
CVE-2023-50785 — CVSS 2.7 (low): Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.