CVE-2020-10859: Path Traversal
First published: Tue May 05 2020(Updated: )
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Desktop Central | <10.0.484 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-10859.
What is the severity of CVE-2020-10859?
CVE-2020-10859 has a severity rating of medium with a value of 6.5.
What is the affected software for CVE-2020-10859?
The affected software for CVE-2020-10859 is Zoho ManageEngine Desktop Central before version 10.0.484.
How does CVE-2020-10859 work?
CVE-2020-10859 allows authenticated users to perform arbitrary file writes during ZIP archive extraction by exploiting a directory traversal vulnerability in a crafted AppDependency API request.
Is there a fix for CVE-2020-10859?
Yes, the fix for CVE-2020-10859 is to upgrade to Zoho ManageEngine Desktop Central version 10.0.484 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- vendor/zohocorp
- canonical/zohocorp manageengine desktop central