CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.06

EPSS Ranking 90.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-15588

Zohocorp » Manageengine Desktop Central » Version: N/A

cpe:2.3:a:zohocorp:manageengine_desktop_central:-
Zohocorp » Manageengine Desktop Central » Version: 10

cpe:2.3:a:zohocorp:manageengine_desktop_central:10
Zohocorp » Manageengine Desktop Central » Version: 10.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0
Zohocorp » Manageengine Desktop Central » Version: 10.0.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0
Zohocorp » Manageengine Desktop Central » Version: 10.0.124

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.124
Zohocorp » Manageengine Desktop Central » Version: 10.0.137

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.137
Zohocorp » Manageengine Desktop Central » Version: 10.0.184

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.184
Zohocorp » Manageengine Desktop Central » Version: 10.0.255

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255
Zohocorp » Manageengine Desktop Central » Version: 10.0.271

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.271
Zohocorp » Manageengine Desktop Central » Version: 10.0.289

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.289
Zohocorp » Manageengine Desktop Central » Version: 10.0.290

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.290
Zohocorp » Manageengine Desktop Central » Version: 10.0.380

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380
Zohocorp » Manageengine Desktop Central » Version: 10.0.430

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.430
Zohocorp » Manageengine Desktop Central » Version: 10.0.479

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.479
Zohocorp » Manageengine Desktop Central » Version: 10.0.483

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.483
Zohocorp » Manageengine Desktop Central » Version: 10.0.484

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.484
Zohocorp » Manageengine Desktop Central » Version: 10.0.486

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.486
Zohocorp » Manageengine Desktop Central » Version: 10.0.533

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.533
Zohocorp » Manageengine Desktop Central » Version: 10.0.552.w

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.552.w
Zohocorp » Manageengine Desktop Central » Version: 7.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0
Zohocorp » Manageengine Desktop Central » Version: 7.0.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
Zohocorp » Manageengine Desktop Central » Version: 7.0.1

cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
Zohocorp » Manageengine Desktop Central » Version: 8.0.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0
Zohocorp » Manageengine Desktop Central » Version: 9.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0
Zohocorp » Manageengine Desktop Central » Version: 9.1.0

cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15588

Products

Pricing

Contact Us