CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

CVE-2025-1723

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

CVE-2025-1723

CVE-2025-1723 affects Zohocorp ManageEngine ADSelfService Plus versions 6510 and earlier. The root cause is session mishandling in ADSelfService Plus, which can enable account takeover by valid users, especially when MFA is not enabled. Multiple connected sources (Red Hat advisory, NVD/NCSC/CVE r...

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

CVE-2025-1723 Account takeover

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the session mishandling. Valid account holders in the setup only have the potential to exploit this bug...

PT-2025-9278 · Manageengine · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6510 and below Description: The issue is related to session mishandling, which can lead to account takeover. Valid account holders in the setup only have the potential to exploit this bug. The...

ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References

The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is,therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory. Note that Nessus has not...

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVE-2024-9097

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...

CVE-2022-47577

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions b...

CVE-2019-14693

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection XXE attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVE-2020-10189

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets...

CVE-2024-9097

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...

CVE-2024-9097

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...

CVE-2024-9097 IDOR

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...

CVE-2024-9097 IDOR

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...

CVE-2024-9097

Summary: CVE-2024-9097 affects ManageEngine Endpoint Central before 11.3.2440.09. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to change a user’s name in chat. The issue is present in the endpoint central desktop management system (Host/Chat component) a...

CVE-2024-52323

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

CVE-2024-38868

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15...

CVE-2024-38869

Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25...