ManageEngine — Vulnerabilities & Security Advisories (86)

Browse all 86 CVE security advisories affecting ManageEngine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ManageEngine provides enterprise IT management solutions, including asset management, network monitoring, and identity governance tools. With 86 recorded CVEs, the vendor’s software has historically been susceptible to critical vulnerabilities, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These security issues often stem from insufficient input validation and improper access controls within its web-based interfaces and backend services. Notable incidents include the 2024 supply chain compromise affecting the OpManager product, where attackers exploited unpatched vulnerabilities to deploy malware across customer environments. This breach highlighted systemic weaknesses in patch management and secure coding practices. While the company releases regular updates to address these gaps, the high volume of past exploits underscores persistent challenges in maintaining robust security postures across its diverse portfolio of IT administration utilities.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-8309 | User privilege escalation vulnerability — Asset Explorer | CWE-269 | 8.1 | High | 2025-08-20 |
| CVE-2025-27930 | Stored XSS — Applications Manager | CWE-79 | 6.4 | Medium | 2025-07-23 |
| CVE-2025-5966 | Stored XSS — Exchange Reporter Plus | CWE-79 | 8.1 | High | 2025-06-26 |
| CVE-2025-5366 | Stored XSS — Exchange Reporter Plus | CWE-79 | 8.1 | High | 2025-06-26 |
| CVE-2025-41444 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-06-09 |
| CVE-2025-36528 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-06-09 |
| CVE-2025-27709 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-06-09 |
| CVE-2025-41437 | Reflected XSS — OpManager | CWE-79 | 4.3 | Medium | 2025-06-09 |
| CVE-2025-3835 | Remote Code Execution — Exchange Reporter Plus | CWE-434 | 9.6 | Critical | 2025-06-09 |
| CVE-2025-41407 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-05-23 |
| CVE-2025-36527 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-05-23 |
| CVE-2025-41403 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-05-22 |
| CVE-2025-3836 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2025-05-22 |
| CVE-2025-3444 | Local File Inclusion — ServiceDesk Plus MSP | CWE-434 | 6.5 | Medium | 2025-05-22 |
| CVE-2025-3834 | SQL Injection — ADAudit Plus | CWE-89 | 8.1 | High | 2025-05-14 |
| CVE-2025-3833 | SQL Injection — ADSelfService Plus | CWE-89 | 8.1 | High | 2025-05-14 |
| CVE-2024-50053 | Stored XSS — ServiceDesk Plus | CWE-79 | 6.3 | Medium | 2025-03-21 |
| CVE-2025-1723 | Account takeover — ADSelfService Plus | CWE-287 | 8.1 | High | 2025-03-03 |
| CVE-2024-9097 | IDOR — Endpoint Central | CWE-639 | 3.5 | Low | 2025-02-05 |
| CVE-2024-41140 | Improper Authorization — Applications Manager | CWE-863 | 8.1 | High | 2025-01-29 |
| CVE-2024-52323 | Sensitive Data Exposure — Analytics Plus | CWE-200 | 8.1 | High | 2024-11-27 |
| CVE-2024-49574 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2024-11-18 |
| CVE-2024-10839 | XML External Entity — SharePoint Manager Plus | CWE-611 | 8.5 | High | 2024-11-08 |
| CVE-2024-24409 | Privilege Escalation — ADManager Plus | CWE-269 | 8.8 | High | 2024-11-08 |
| CVE-2024-10203 | Agent Arbitrary File Deletion — EndPoint Central | CWE-269 | 7.0 | High | 2024-11-07 |
| CVE-2024-9459 | SQL Injection — Exchange Reporter Plus | CWE-89 | 8.3 | High | 2024-11-05 |
| CVE-2024-36485 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2024-11-04 |
| CVE-2024-48878 | SQL Injection — ADManager Plus | CWE-89 | 8.3 | High | 2024-11-04 |
| CVE-2024-5608 | SQL Injection — ADAudit Plus | CWE-89 | 8.3 | High | 2024-10-24 |
| CVE-2024-9100 | Local File Inclusion — Analytics Plus | CWE-22 | 6.5 | Medium | 2024-10-03 |

This page lists every published CVE security advisory associated with ManageEngine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.