XML External Entity Vulnerability in Zoho ManageEngine Desktop Central
CVE-2020-8540

9.8 CRITICAL

Key Information:

Vendor: Zohocorp
CVE Published: 11 March 2020

What is CVE-2020-8540?

Zoho ManageEngine Desktop Central contains an XML external entity (XXE) vulnerability that remote unauthenticated users can exploit by sending XML requests containing a crafted Document Type Definition (DTD). The flaw could enable attackers to read arbitrary files on the server and perform server-side request forgery (SSRF) attacks, compromising the integrity of sensitive system data.

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
