Vulnerabilities > Zohocorp > Manageengine Desktop Central > 10.0.290
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-8509 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | 5.0 |
| 2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
| 2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. | 9.8 |