CVE-2020-15595

Exploit

EPSS 2.18%
Published 30.09.2020 18:15:22
Last modified 30.05.2025 16:15:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Application Control Plus Version < 10.0.511

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.18%	0.837

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cve@mitre.org	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

https://excellium-services.com/cert-xlm-advisory/CVE-2020-15595

Third Party Advisory

Exploit

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15595

https://nvd.nist.gov/vuln/detail/CVE-2020-15595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15595

EUVD