VYPR

ManageEngine Cloud Security Plus

by Zoho

CVEs (5)

  • CVE-2020-11532CriMay 8, 2020
    risk 0.73cvss 9.8epss 0.77

    Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.

  • CVE-2020-24786CriAug 31, 2020
    risk 0.65cvss 9.8epss 0.13

    An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…

  • CVE-2020-11531HigMay 8, 2020
    risk 0.58cvss 8.8epss 0.14

    The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP…

  • CVE-2021-40173HigAug 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.

  • CVE-2019-17112MedOct 9, 2019
    risk 0.28cvss 4.3epss 0.02

    An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password).