Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Manageengine Datasecurity Plus Security Vulnerabilities - 2020

cve
cve

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot d...

8.8CVSS

8.6AI Score

0.057EPSS

2020-05-08 09:15 PM
168
cve
cve

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.

9.8CVSS

9.5AI Score

0.347EPSS

2020-05-08 09:15 PM
172
cve
cve

CVE-2020-24786

An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number ...

9.8CVSS

9.4AI Score

0.024EPSS

2020-08-31 03:15 PM
39