CVE-2020-11531 vulnerability in Zoho Corp Products
Published on May 8, 2020

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.

NVD

Products Associated with CVE-2020-11531

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11531 are published in these products:

Zoho Corp Manageengine Adaudit Plus

Zoho Corp Manageengine Datasecurity Plus

Exploit Probability

EPSS

8.23%

Percentile

92.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11531 vulnerability in Zoho Corp ProductsPublished on May 8, 2020

Products Associated with CVE-2020-11531

Exploit Probability

CVE-2020-11531 vulnerability in Zoho Corp Products
Published on May 8, 2020