XML External Entity (XXE) Vulnerability in Zoho ManageEngine Desktop Central Allows Remote File Read and SSRF Attacks

XML External Entity (XXE) Vulnerability in Zoho ManageEngine Desktop Central Allows Remote File Read and SSRF Attacks

CVE-2020-8540 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Learn more about our Cis Benchmark Audit For Desktop Software.