Vulnerability Details CVE-2020-10859
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-10859
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:-
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.124
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.137
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.184
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.271
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.289
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.290
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.430
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.479
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.483
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0