Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine DataSecurity Plus 授权问题漏洞
Vulnerability Description
ZOHO ManageEngine DataSecurity Plus是美国卓豪(ZOHO)公司的一套敏感数据管理解决方案。该产品具有数据防泄漏、数据风险评估和文件服务器审核等功能。 ZOHO ManageEngine DataSecurity Plus 6.0.1之前版本中存在安全漏洞,该漏洞源于程序使用默认管理员凭据与DataEngine Xnode服务器进行通信。攻击者可利用该漏洞绕过身份验证,并在admin用户上下文中执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A