Manageengine Applications Manager
8 CVEs affecting Manageengine Applications Manager. Latest disclosed: 2025-07-23. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-41140 | High | 8.1 | 2025-01-29 | Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. |
CVE-2025-27930 | Medium | 6.4 | 2025-07-23 | Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor. |
CVE-2024-5678 | Medium | 4.7 | 2024-08-01 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. |
CVE-2016-9498 | | 2018-07-13 | ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote use… | |
CVE-2016-9491 | | 2018-07-13 | ManageEngine Applications Manager 12 and 13 before build 13690 allows an authenticated user, who is able to access /register.do page (most likely limited to ad… | |
CVE-2016-9489 | | 2018-07-13 | In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e… | |
CVE-2016-9490 | | 2018-06-05 | ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is pro… | |
CVE-2016-9488 | | 2018-06-05 | ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able t… |