CVE-2020-15589 vulnerability in Zoho Corp Products
Published on October 2, 2020

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.

NVD

Products Associated with CVE-2020-15589

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-15589 are published in these products:

Zoho Corp Manageengine Desktop Central

Zoho Corp Manageengine Remote Access Plus

Exploit Probability

EPSS

3.58%

Percentile

87.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-15589 vulnerability in Zoho Corp ProductsPublished on October 2, 2020

Products Associated with CVE-2020-15589

Exploit Probability

CVE-2020-15589 vulnerability in Zoho Corp Products
Published on October 2, 2020