vulnerability
ManageEngine Desktop Central - CVE-2020-10189: Unauthenticated remote code execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 6, 2020 | Mar 10, 2020 | May 3, 2022 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 6, 2020
Added
Mar 10, 2020
Modified
May 3, 2022
Description
Zoho ManageEngine Desktop Central before 10.0.479 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Solution
http-manageengine-desktop-central-upgrade-10-0-479
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.