Vulnerability Details CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.225
EPSS Ranking 95.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-8540
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:-
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.124
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.137
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.184
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.271
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.289
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.290
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.430
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.479
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.483
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.484
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.486
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.533
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.552.w
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.561
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.647
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2119.7
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2127.17
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2127.18
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2128.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2137.2
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2137.3
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2137.8
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2137.9
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.1.2228.10
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0