CVE-2020-15594
MEDIUMZoho Application Control Plus < 10.0.511 - Server-Side Request Forgery via Mail Gateway Configuration
Title source: llmDescription
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.
References (2)
Core 2
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15594
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/
Scores
CVSS v3
4.3
EPSS
0.0050
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
zohocorp/manageengine_application_control_plus
< 10.0.511
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026