CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15589

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.044

EPSS Ranking 88.3%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2020-15589

Zohocorp » Manageengine Desktop Central » Version: 10.0.552.w

cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.552.w
Zohocorp » Manageengine Remote Access Plus » Version: N/A

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:-
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.252

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.252
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.253

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.253
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.254

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.254
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.255

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.255
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.256

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.256
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.257

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.257
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.258

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.258
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.259

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.259
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.415

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.415
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.416

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.416
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.421

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.421
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.422

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.422
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.428

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.428
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.430

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.430
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.431

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.431
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.432

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.432
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.433

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.433
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.434

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.434
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.435

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.435
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.436

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.436
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.440

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.440
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.447

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.447
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.448

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.448
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.450

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.450
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.451

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.451
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.452

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.452
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.453

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.453
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.454

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.454
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.465

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.465
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.466

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.466
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.468

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.468
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.469

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.469
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.472

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.472
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.473

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.473
Zohocorp » Manageengine Remote Access Plus » Version: 10.0.476

cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.476

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15589

Products

Pricing

Contact Us