CVE-2020-15595

Exploit

EPSS 2.18%
Veröffentlicht 30.09.2020 18:15:22
Zuletzt bearbeitet 30.05.2025 16:15:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Application Control Plus Version < 10.0.511

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.18%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cve@mitre.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

https://excellium-services.com/cert-xlm-advisory/CVE-2020-15595

Third Party Advisory

Exploit

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15595

https://nvd.nist.gov/vuln/detail/CVE-2020-15595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15595

EUVD