Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ManageEngine — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting ManageEngine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ManageEngine provides enterprise IT management solutions, including asset management, network monitoring, and identity governance tools. With 86 recorded CVEs, the vendor’s software has historically been susceptible to critical vulnerabilities, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These security issues often stem from insufficient input validation and improper access controls within its web-based interfaces and backend services. Notable incidents include the 2024 supply chain compromise affecting the OpManager product, where attackers exploited unpatched vulnerabilities to deploy malware across customer environments. This breach highlighted systemic weaknesses in patch management and secure coding practices. While the company releases regular updates to address these gaps, the high volume of past exploits underscores persistent challenges in maintaining robust security postures across its diverse portfolio of IT administration utilities.

Top products by ManageEngine: ADAudit Plus Applications Manager Exchange Reporter Plus OpManager ADSelfService Plus Endpoint Central Desktop Central PAM360 DDI Central ADManager Plus ServiceDesk Plus Analytics Plus Asset Explorer ServiceDesk Plus MSP SharePoint Manager Plus Password Manager Pro OpManager, Remote Monitoring and Management OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise Edition ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus Service Desk Plus
CVE IDTitleCVSSSeverityPublished
CVE-2024-38868 Incorrect Authorization — Endpoint CentralCWE-863 7.6 High2024-08-30
CVE-2024-6204 SQL injection — Exchange Reporter PlusCWE-89 8.3 High2024-08-30
CVE-2024-5546 SQL Injection — Password Manager ProCWE-89 8.3 High2024-08-28
CVE-2024-41150 Stored XSS — ServiceDesk PlusCWE-79 6.3 Medium2024-08-23
CVE-2024-38869 Incorrect Authorization — Endpoint CentralCWE-863 8.3 High2024-08-23
CVE-2024-5586 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-5556 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-5490 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-36514 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-36515 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-36516 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-36517 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-5467 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-23
CVE-2024-5466 Remote Code Execution — OpManager, Remote Monitoring and ManagementCWE-94 8.8 High2024-08-23
CVE-2024-36034 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-12
CVE-2024-36035 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-12
CVE-2024-36518 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-12
CVE-2024-5487 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-12
CVE-2024-5527 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-08-12
CVE-2024-5678 SQL Injection — Applications ManagerCWE-89 4.7 Medium2024-08-01
CVE-2024-6748 SQL Injection — OpManagerCWE-89 8.3 High2024-07-29
CVE-2024-38872 SQL Injection — Exchange Reporter PlusCWE-89 8.3 High2024-07-26
CVE-2024-38871 SQL Injection — Exchange Reporter PlusCWE-89 8.3 High2024-07-26
CVE-2024-38870 Stored XSS — OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise EditionCWE-79 3.5 Low2024-07-17
CVE-2024-5471 Agent takeover — DDI CentralCWE-798 8.8 High2024-07-17
CVE-2024-27311 Arbitrary file writing — DDI CentralCWE-434 5.5 Medium2024-07-17
CVE-2024-36038 Stored XSS — OpManagerCWE-79 6.3 Medium2024-06-24
CVE-2024-27313 XSS Vulnerability — PAM360CWE-79 6.3 Medium2024-05-29
CVE-2024-36037 Insufficient Access Control Vulnerability — ADAudit PlusCWE-863 5.5 Medium2024-05-27
CVE-2024-36036 Insufficient Access Control Vulnerability — ADAudit Plus 4.2 Medium2024-05-27

This page lists every published CVE security advisory associated with ManageEngine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.