Vulnerabilities > Zohocorp > Manageengine Adaudit Plus > 4.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-08 | CVE-2020-11532 | Insecure Default Initialization of Resource vulnerability in Zohocorp products Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. | 9.8 |
| 2020-05-08 | CVE-2020-11531 | Path Traversal vulnerability in Zohocorp products The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. | 8.8 |
| 2018-12-13 | CVE-2018-19118 | Out-of-bounds Write vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0/5.0.0 Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain. | 7.5 |
| 2018-05-29 | CVE-2018-10466 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus 4.1.0/4.5.0 Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | 9.8 |