Known Vulnerabilities for Manageengine Password Manager Pro by Zohocorp

Listed below are 10 of the newest known vulnerabilities associated with "Manageengine Password Manager Pro" by "Zohocorp".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-33617 Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName... 5.3 - MEDIUM 2021-07-31 2021-08-10
CVE-2021-31857 In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser e... 5.9 - MEDIUM 2021-06-16 2022-07-12
CVE-2020-27449 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, all... 6.1 - MEDIUM 2023-08-11 2023-08-16
CVE-2020-9347 ** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafte... 9.8 - CRITICAL 2020-03-16 2023-11-07
CVE-2020-9346 Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as... 8.8 - HIGH 2020-03-16 2022-10-07
CVE-2019-12133 Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\... 7.8 - HIGH 2019-06-18 2020-08-24
CVE-2017-17698 Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. 6.1 - MEDIUM 2017-12-15 2017-12-29
CVE-2016-1159 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sens... 6.5 - MEDIUM 2020-03-09 2020-03-10
CVE-2015-5459 SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) be... 6.5 - MEDIUM 2015-07-08 2016-12-07
CVE-2014-3997 SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pr... 7.5 - HIGH 2014-12-05 2019-07-16
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationZohocorpManageengine Password Manager Pro9.9-AllAll
ApplicationZohocorpManageengine Password Manager Pro9.9build9900AllAll
ApplicationZohocorpManageengine Password Manager Pro9.9build9900AllAll
ApplicationZohocorpManageengine Password Manager Pro9.9build9901AllAll
ApplicationZohocorpManageengine Password Manager Pro9.9build9901AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9800AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9800AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9801AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9801AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9802AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9802AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9803AllAll
ApplicationZohocorpManageengine Password Manager Pro9.8build9803AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9700AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9700AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9701AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9701AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9702AllAll
ApplicationZohocorpManageengine Password Manager Pro9.7build9702AllAll
ApplicationZohocorpManageengine Password Manager Pro9.6build9600AllAll
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report