CVE-2020-11531 vulnerability in Zoho Corp Products
Published on May 8, 2020

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal.

NVD

Products Associated with CVE-2020-11531

stack.watch emails you whenever new vulnerabilities are published in Zoho Corp Manageengine Adaudit Plus or Zoho Corp Manageengine Datasecurity Plus. Just hit a watch button to start following.

Zoho Corp Manageengine Adaudit Plus

Zoho Corp Manageengine Datasecurity Plus

Exploit Probability

EPSS

8.23%

Percentile

92.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11531 vulnerability in Zoho Corp ProductsPublished on May 8, 2020

Products Associated with CVE-2020-11531

Exploit Probability

CVE-2020-11531 vulnerability in Zoho Corp Products
Published on May 8, 2020