What is the severity of CVE-2020-8540?

The severity of CVE-2020-8540 is critical with a CVSS score of 9.8.

How can remote attackers exploit CVE-2020-8540?

Remote unauthenticated users can exploit CVE-2020-8540 by reading arbitrary files or conducting server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Which versions of Zoho ManageEngine Desktop Central are affected by CVE-2020-8540?

Versions of Zoho ManageEngine Desktop Central up to and excluding the 07-Mar-2020 update are affected by CVE-2020-8540.

Is there a fix available for CVE-2020-8540?

Yes, the vulnerability can be fixed by updating Zoho ManageEngine Desktop Central to the version released on or after 07-Mar-2020.

Vulnerability/
CVE-2020-8540

critical

9.8

CWE

611 918

11/3/2020

21/7/2021

CVE-2020-8540: XEE

Q: What is CVE-2020-8540 vulnerability?

CVE-2020-8540 is an XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update.

First published: Wed Mar 11 2020(Updated: )

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Desktop Central	<2020-03-07

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/desktop-central/xxe-vulnerability.html

Frequently Asked Questions

What is CVE-2020-8540 vulnerability?
CVE-2020-8540 is an XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update.
What is the severity of CVE-2020-8540?
The severity of CVE-2020-8540 is critical with a CVSS score of 9.8.
How can remote attackers exploit CVE-2020-8540?
Remote unauthenticated users can exploit CVE-2020-8540 by reading arbitrary files or conducting server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Which versions of Zoho ManageEngine Desktop Central are affected by CVE-2020-8540?
Versions of Zoho ManageEngine Desktop Central up to and excluding the 07-Mar-2020 update are affected by CVE-2020-8540.
Is there a fix available for CVE-2020-8540?
Yes, the vulnerability can be fixed by updating Zoho ManageEngine Desktop Central to the version released on or after 07-Mar-2020.

collector/nvd-index
vendor/zohocorp
canonical/zohocorp manageengine desktop central

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.