CVE-2020-15594

low-risk
Published 2020-09-30

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Zohocorp

References (3)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-15594
Third Party Advisory https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/
Third Party Advisory https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal