Browse all 86 CVE security advisories affecting ManageEngine. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ManageEngine provides enterprise IT management solutions, including asset management, network monitoring, and identity governance tools. With 86 recorded CVEs, the vendor’s software has historically been susceptible to critical vulnerabilities, particularly remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These security issues often stem from insufficient input validation and improper access controls within its web-based interfaces and backend services. Notable incidents include the 2024 supply chain compromise affecting the OpManager product, where attackers exploited unpatched vulnerabilities to deploy malware across customer environments. This breach highlighted systemic weaknesses in patch management and secure coding practices. While the company releases regular updates to address these gaps, the high volume of past exploits underscores persistent challenges in maintaining robust security postures across its diverse portfolio of IT administration utilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-41437 | Reflected XSS — OpManagerCWE-79 | 4.3 | Medium | 2025-06-09 |
| CVE-2024-6748 | SQL Injection — OpManagerCWE-89 | 8.3 | High | 2024-07-29 |
| CVE-2024-36038 | Stored XSS — OpManagerCWE-79 | 6.3 | Medium | 2024-06-24 |
| CVE-2023-47211 | ZOHO ManageEngine OpManager 路径遍历漏洞 — OpManagerCWE-22 | 9.1 | Critical | 2024-01-08 |
| CVE-2022-43473 | ManageEngine OpManager 代码问题漏洞 — OpManagerCWE-611 | 5.8 | Medium | 2023-03-30 |
This page lists every published CVE security advisory associated with ManageEngine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.