CVE-2020-8540

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
11/03/2020
Last modified:
21/07/2021

Description

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* 2020-03-07 (excluding)