Vulnerabilities > CVE-2020-15594 - Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Application Control Plus

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zohocorp

CWE-918

NVD

Published: 2020-09-30

Updated: 2021-07-21

Summary

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Application Control Plus *	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/