CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*

Information

Published : 2020-05-08 14:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-11532

Mitre link : CVE-2020-11532


JSON object : View

CWE
CWE-1188

Insecure Default Initialization of Resource

Advertisement

dedicated server usa

Products Affected

zohocorp

  • manageengine_datasecurity_plus
  • manageengine_adaudit_plus