CVE-2020-15595Incorrect Permission Assignment in Manageengine Application Control Plus

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
2.2%
top 15.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Application Control Plus
Timeline
PublishedSep 30
Latest updateMay 24

Description

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xjrh-8gjh-h7rm: An issue was discovered in Zoho Application Control Plus before version 102022-05-24
CVEList
CVE-2020-15595: An issue was discovered in Zoho Application Control Plus before version 102020-09-29
CVE-2020-15595 — Incorrect Permission Assignment | cvebase