GCVE - cpe:2.3:a:manageengine:opmanager:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:manageengine:opmanager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Manageengine (`b7eba64e-d5d7-5395-be8c-84fe138ee37e`)
Product	Opmanager (`d3e8676d-3b20-5827-8b95-bccae49cd4e8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-41437`	vulnerable	2026-06-03 15:01:14.892314	Reflected XSS MEDIUM (4.3) Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page. Published: 2025-06-09T10:44:08.879Z Updated: 2025-06-09T16:22:33.279Z Open on db.gcve.eu Reference links https://www.manageengine.com/itom/advisory/cve-2025-41437.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6748`	vulnerable	2026-06-03 14:58:04.047933	SQL Injection HIGH (8.3) Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring. Published: 2024-07-29T16:20:16.449Z Updated: 2024-08-01T21:41:04.605Z Open on db.gcve.eu Reference links https://www.manageengine.com/itom/advisory/cve-2024-6748.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47211`	vulnerable	2026-06-03 14:53:17.088370	Details available CRITICAL (9.1) A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Published: 2024-01-08T14:45:37.183Z Updated: 2025-11-04T18:19:03.852Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851 https://www.manageengine.com/itom/advisory/cve-2023-47211.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-43473`	vulnerable	2026-06-03 14:48:14.291599	Details available MEDIUM (5.8) A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability. Published: 2023-03-30T16:28:35.983Z Updated: 2025-02-11T19:14:03.416Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685 https://www.manageengine.com/itom/advisory/cve-2022-43473.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-19554`	vulnerable	2026-06-03 14:41:54.802180	Details available Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. Published: 2021-09-21T19:07:47.000Z Updated: 2024-08-04T14:15:27.799Z Open on db.gcve.eu Reference links https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.