CVE-2020-8540

CWE-611 — XML External Entity (XXE)CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

9.8CRITICAL

EPSS

24.1%

top 3.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Desktop Central

Timeline

PublishedMar 11

Latest updateMay 24

Description

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_desktop_central< 2020-03-07

🔴Vulnerability Details

GHSA

GHSA-m2r7-w5rx-6vqg: An XML external entity (XXE) vulnerability iin Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to↗2022-05-24

▶

CVEList

CVE-2020-8540: An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to r↗2020-03-11

▶