Lucene search

MitreCVE-2020-15594

HistorySep 30, 2020 - 6:15 p.m.

CVE-2020-15594

2020-09-3018:15:22

CWE-918

mitre

web.nvd.nist.gov

cve-2020-15594

ssrf

zoho

application control plus

security vulnerability

mail gateway configuration

network scanning

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.

Affected configurations

Nvd

Node

zohocorpapplication_control_plusRange<10.0.511

VendorProductVersionCPE
zohocorpapplication_control_plus*cpe:2.3:a:zohocorp:application_control_plus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	application_control_plus	*	cpe:2.3:a:zohocorp:application_control_plus::::::::

References

excellium-services.com/cert-xlm-advisory/cve-2020-15594/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

31.1%

JSON

Related for CVE-2020-15594