OOB-XXE Vulnerability in Zoho ManageEngine Analytics Plus Allows Arbitrary File Reading and Port Scanning

OOB-XXE Vulnerability in Zoho ManageEngine Analytics Plus Allows Arbitrary File Reading and Port Scanning

CVE-2020-21641 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.

Learn more about our External Network Penetration Testing.