CVE-2020-15594

Published: Sep 30, 2020Modified: May 30, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.

Affected (1)

Products: Zohocorp: Manageengine Application Control Plus

1 product

Manageengine Application Control Plus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Application Control Plus	Before 10.0.511

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (3)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15594

Source: cve@mitre.org

https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/

Source: cve@mitre.org

Third Party Advisory

https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.