Zohocorp Manageengine Analytics Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Analytics Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-21642 — CVSS 9.8 (critical): Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows…
CVE-2025-9428 — CVSS 8.3 (high): Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVE-2024-52323 — CVSS 8.1 (high): Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2020-21641 — CVSS 7.5 (high): Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…