Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ManageEngine — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting ManageEngine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ManageEngine provides enterprise IT management solutions, including asset management, network monitoring, and identity governance tools. With 86 recorded CVEs, the vendor’s software has historically been susceptible to critical vulnerabilities, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These security issues often stem from insufficient input validation and improper access controls within its web-based interfaces and backend services. Notable incidents include the 2024 supply chain compromise affecting the OpManager product, where attackers exploited unpatched vulnerabilities to deploy malware across customer environments. This breach highlighted systemic weaknesses in patch management and secure coding practices. While the company releases regular updates to address these gaps, the high volume of past exploits underscores persistent challenges in maintaining robust security postures across its diverse portfolio of IT administration utilities.

Top products by ManageEngine: ADAudit Plus Applications Manager Exchange Reporter Plus OpManager ADSelfService Plus Endpoint Central Desktop Central PAM360 DDI Central ADManager Plus ServiceDesk Plus Analytics Plus Asset Explorer ServiceDesk Plus MSP SharePoint Manager Plus Password Manager Pro OpManager, Remote Monitoring and Management OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise Edition ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus Service Desk Plus
CVE IDTitleCVSSSeverityPublished
CVE-2024-27310 DOS Vulnerability — ADSelfService PlusCWE-90 5.3 Medium2024-05-27
CVE-2024-27314 Stored XSS Vulnerability — ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter PlusCWE-79 2.4 Low2024-05-27
CVE-2024-21791 SQL Injection in ADAudit Plus — ADAudit PlusCWE-89 4.7 Medium2024-05-22
CVE-2023-49335 ZOHO ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2023-49334 ZOHO ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2023-49333 ZOHO ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2023-49332 ZOHO ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2023-49331 ZOHO ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2024-27312 Authorization vulnerability in PAM360 — PAM360CWE-863 8.1 High2024-05-20
CVE-2023-49330 Zoho ManageEngine ADAudit Plus 安全漏洞 — ADAudit Plus 8.3 High2024-05-20
CVE-2024-21775 SQL Injection — Exchange Reporter PlusCWE-89 8.3 High2024-02-16
CVE-2024-0269 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-02-02
CVE-2024-0253 SQL Injection — ADAudit PlusCWE-89 8.3 High2024-02-02
CVE-2024-0252 Remote code execution — ADSelfService PlusCWE-94 8.8 High2024-01-11
CVE-2023-47211 ZOHO ManageEngine OpManager 路径遍历漏洞 — OpManagerCWE-22 9.1 Critical2024-01-08
CVE-2023-6105 ManageEngine Information Disclosure in Multiple Products — Service Desk PlusCWE-200 5.5 Medium2023-11-15
CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central — Desktop CentralCWE-918 6.6 Medium2023-11-03
CVE-2023-4768 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central — Desktop CentralCWE-93 6.1 Medium2023-11-03
CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central — Desktop CentralCWE-93 6.1 Medium2023-11-03
CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability — ADSelfService PlusCWE-345 6.8 -2023-09-06
CVE-2022-43473 ManageEngine OpManager 代码问题漏洞 — OpManagerCWE-611 5.8 Medium2023-03-30
CVE-2016-9498 ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects — Applications ManagerCWE-502 9.8 -2018-07-13
CVE-2016-9491 ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity — Applications ManagerCWE-611 4.9 -2018-07-13
CVE-2016-9489 ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass — Applications ManagerCWE-269 8.1 -2018-07-13
CVE-2016-9488 ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities — Applications ManagerCWE-89 9.8 -2018-06-05
CVE-2016-9490 ManageEngine Applications Manager versions 12 and 13 suffer from a Reflected Cross-Site Scripting vulnerability — Applications ManagerCWE-79 6.1 -2018-06-05

This page lists every published CVE security advisory associated with ManageEngine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.