Zohocorp Manageengine Admanager Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Admanager Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (53)
CVE-2021-37928 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37539 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remote code execution.
CVE-2021-37761 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
CVE-2021-37762 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.
CVE-2021-37918 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37919 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37920 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37921 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37923 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37924 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37925 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.
CVE-2021-37926 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37929 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37930 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-37931 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVE-2021-42002 — CVSS 9.8 (critical): Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
CVE-2020-24786 — CVSS 9.8 (critical): An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService…
CVE-2024-24409 — CVSS 8.8 (high): Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
CVE-2017-17552 — CVSS 8.8 (high): /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src…
CVE-2021-20130 — CVSS 8.8 (high): ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file…
CVE-2021-20131 — CVSS 8.8 (high): ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file…
CVE-2022-29457 — CVSS 8.8 (high): Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash…
CVE-2025-10020 — CVSS 8.5 (high): Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom…
CVE-2024-48878 — CVSS 8.3 (high): Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2019-12876 — CVSS 7.3 (high): Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege…
CVE-2023-29084 — CVSS 7.2 (high): Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
CVE-2023-38743 — CVSS 7.2 (high): Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
CVE-2022-42904 — CVSS 7.2 (high): Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
CVE-2018-19374 — CVSS 7.0 (high): Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into…
CVE-2023-38332 — CVSS 6.5 (medium): Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information…
CVE-2023-31492 — CVSS 6.5 (medium): Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains…
CVE-2025-11670 — CVSS 6.4 (medium): Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by…
CVE-2025-9435 — CVSS 5.5 (medium): Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2023-41904 — CVSS 5.4 (medium): Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs.
CVE-2021-37922 — CVSS 5.3 (medium): Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to…
CVE-2023-39912 — CVSS 4.9 (medium): Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is…
CVE-2023-35786 — CVSS 4.9 (medium): Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.
CVE-2010-5050 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers…
CVE-2015-1026 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to…