Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Desktop Central  >> 10.0.290  Security Vulnerabilities
CVE-2020-8509
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.
CVSS Score
7.5
EPSS Score
0.11
Published
2020-03-30
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS Score
9.8
EPSS Score
0.225
Published
2020-03-11
CVE-2020-10189
Known exploited
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
CVSS Score
9.8
EPSS Score
0.942
Published
2020-03-06
CVE-2018-11716
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
CVSS Score
9.8
EPSS Score
0.095
Published
2018-07-16
CVE-2018-11717
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.
CVSS Score
9.8
EPSS Score
0.096
Published
2018-07-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved