This page lists publicly disclosed CVE vulnerabilities affecting zohocorp manageengine_applications_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-9787 | Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.1 | 0.91% | 2025-12-18 | 2026-06-17 |
| CVE-2025-9223 | Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.8 | 3.85% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6239 | Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.5 | 0.87% | 2025-10-21 | 2026-06-17 |
| CVE-2025-27930 | Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 6.4 | 0.38% | 2025-07-23 | 2026-06-17 |
| CVE-2024-41140 | Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.1 | 0.86% | 2025-01-29 | 2026-06-17 |
| CVE-2024-5678 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | 0fc0942c-577d-436f-ae8e-945763c79b02 | 4.7 | 2.55% | 2024-08-01 | 2026-06-17 |
| CVE-2023-38333 | Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | [email protected] | 6.1 | 1.98% | 2023-08-10 | 2026-06-17 |
| CVE-2023-29442 | Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | [email protected] | 6.1 | 9.41% | 2023-04-26 | 2026-06-17 |
| CVE-2023-28341 | Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | [email protected] | 6.1 | 98.81% | 2023-04-10 | 2026-06-17 |
| CVE-2023-28340 | Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. | [email protected] | 6.5 | 3.20% | 2023-04-10 | 2026-06-17 |
| CVE-2022-23050 | ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | [email protected] | 7.2 | 4.65% | 2022-05-24 | 2026-06-17 |
| CVE-2020-28679 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. | [email protected] | 8.8 | 2.53% | 2022-01-10 | 2026-06-16 |
| CVE-2020-24743 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | [email protected] | 9.8 | 2.74% | 2021-11-03 | 2026-06-16 |
| CVE-2021-35512 | An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | [email protected] | 6.5 | 1.56% | 2021-10-21 | 2026-06-16 |
| CVE-2021-31813 | Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | [email protected] | 5.4 | 78.27% | 2021-07-01 | 2026-06-16 |
| CVE-2020-35765 | doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | [email protected] | 8.8 | 27.35% | 2021-02-05 | 2026-06-16 |
| CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | [email protected] | 8.8 | 8.81% | 2021-01-19 | 2026-06-16 |
| CVE-2020-27995 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | [email protected] | 9.8 | 8.73% | 2020-10-29 | 2026-06-16 |
| CVE-2020-10816 | Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet. | [email protected] | 7.5 | 4.79% | 2020-10-08 | 2026-06-16 |
| CVE-2020-16267 | Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | [email protected] | 8.8 | 43.33% | 2020-10-06 | 2026-06-16 |