CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*

Information

Published : 2020-05-08 14:15

Updated : 2020-05-18 05:15


NVD link : CVE-2020-11531

Mitre link : CVE-2020-11531


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_datasecurity_plus
  • manageengine_adaudit_plus