CVE-2020-15595
Last modified
CVE-2020-15595 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.. EPSS estimates a 2.21% chance of exploitation in the next 30 days.
Description
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Application Control Plus | < 10.0.511 |
References
- https://excellium-services.com/cert-xlm-advisory/CVE-2020-15595Exploit, Third Party Advisory
- https://excellium-services.com/cert-xlm-advisory/CVE-2020-15595Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-15595?
How severe is CVE-2020-15595?
How do I fix CVE-2020-15595?
Are you affected by CVE-2020-15595?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST