What is CVE-2020-11532?

CVE-2020-11532 is a vulnerability in N/a. Published 2020-05-08.

Is CVE-2020-11532 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of…

EPSS: 0.898 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
cyb3r-w0lf/nuclei-template-collection

References

seclists.org/fulldisclosure/2020/May/28 (x_refsource_MISC)
packetstormsecurity.com/files/157609/ManageEngine-DataSecurity-Plus-Authenticat… (x_refsource_MISC)
pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-th… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-11532?: CVE-2020-11532 is a vulnerability in N/a. Published 2020-05-08.
Is CVE-2020-11532 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.