CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-8540

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile17.91th
Published2020年3月11日
Last Modified2024年11月21日

Vulnerability Description

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Affected Platforms (CPE)

📦
Zohocorp

Manageengine Desktop Central

< 2020-03-07

References & Advisories

🔗 https://www.manageengine.com/products/desktop-central/xxe-vulnerability.html
🔗 https://www.manageengine.com/products/desktop-central/xxe-vulnerability.html

関連する脆弱性情報

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...

CVE-2014-937110.0

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a craf...

CVE-2020-155889.8

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trig...

CVE-2020-101899.8

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in get...