Manageengine access manager plus
This hub aggregates every CVE we track for Manageengine access manager plus, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
4
Critical
1
High
1
In CISA KEV
Severity distribution
CRITICAL4HIGH1MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 6 most recently published vulnerabilities affecting Manageengine access manager plus.
- CVE-2025-11669Broken Access Control8.1
- CVE-2023-6105ManageEngine Information Disclosure in Multiple Products5.5
- CVE-2022-40300Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.9.8
- CVE-2022-35405Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 w...KEV9.8
- CVE-2022-29081Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLActi...9.8
- CVE-2021-44676Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.9.8
Product normalization is registry-driven with AI assist and human review. How it works