ManageEngine Cloud Security Plus
by Zoho
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11532 | Cri | 0.73 | 9.8 | 0.77 | May 8, 2020 | Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | ||
| CVE-2020-24786 | Cri | 0.65 | 9.8 | 0.13 | Aug 31, 2020 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer… | ||
| CVE-2020-11531 | Hig | 0.58 | 8.8 | 0.14 | May 8, 2020 | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP… | ||
| CVE-2021-40173 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | ||
| CVE-2019-17112 | Med | 0.28 | 4.3 | 0.02 | Oct 9, 2019 | An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). |
- risk 0.73cvss 9.8epss 0.77
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
- risk 0.65cvss 9.8epss 0.13
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…
- risk 0.58cvss 8.8epss 0.14
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP…
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
- risk 0.28cvss 4.3epss 0.02
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).