CVE-2019-20474 is a vulnerability in Zoho Corp Manageengine Remote Access Plus
Published on February 17, 2020
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.
Products Associated with CVE-2019-20474
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-20474 are published in Zoho Corp Manageengine Remote Access Plus:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.