CVE-2022-29457

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps...

CVE-2022-24447

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export...

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

CVE-2022-40772

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module...

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

CVE-2022-47523

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection...

CVE-2022-43671

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection...

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

CVE-2022-24681

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen...

CVE-2022-42903

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...

CVE-2022-24446

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers and user information even if no SSH server or user is associated to the operator...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus versions prior to 8511, which stems from OU History reports of vulnerability to SQL injection attacks...

PT-2025-22651 · Zohocorp · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions below 8511 Description: The issue concerns SQL injection in the OU History report. This allows for potential exploitation. Recommendations: For Zohocorp ManageEngine ADAudit Plus versions below 8511...

PT-2025-22647 · Zohocorp · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions below 8511 Description: The issue is related to SQL injection while exporting reports. Recommendations: For versions below 8511, update to version 8511 or later to resolve the issue. As a temporary...

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify audits, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus versions prior to 8511, which stems from a vulnerability to SQL injection attacks when exporting reports...

CVE-2022-24306

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled...

CVE-2022-24305

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation...

CVE-2022-23050

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...

CVE-2022-41339

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...