SSRF Vulnerability in Zoho Application Control Plus: Unauthorized Port and Network Discovery

SSRF Vulnerability in Zoho Application Control Plus: Unauthorized Port and Network Discovery

CVE-2020-15594 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.

Learn more about our Network Penetration Testing.