manageengine CVE Vulnerabilities & CVE List (46)

Products (CPE): — CVEs: 46

manageengine vulnerability overview

Aggregates CVE and security vulnerability intelligence across all manageengine-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk path handling, vendor risk sql injection, and vendor risk buffer overflow; exposure may include vendor impact application crash in vendor surface software deployment contexts.

Vulnerability distribution trend (last 24 months)

Showing 4146 of 46 CVEs
«« First « Prev Page 3 / 3 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2008-0476 ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 6.4 1.25% 2008-01-29 2026-06-16
CVE-2008-0475 ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 5.0 1.21% 2008-01-29 2026-06-16
CVE-2008-0474 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showT [email protected] 4.3 1.45% 2008-01-29 2026-06-16
CVE-2007-5891 Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 4.3 1.03% 2007-11-07 2026-06-16
CVE-2007-2429 ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. [email protected] 10.0 8.02% 2007-05-01 2026-06-16
CVE-2007-1642 Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. [email protected] 4.0 1.21% 2007-03-23 2026-06-16
«« First « Prev Page 3 / 3 Next »
cvelogic Threat Intelligence