Vulnerability Details CVE-2020-21641
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2020-21641
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:-
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:1.0
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.5
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.6
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.7
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.8
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.0
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2
-
cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3