CVE-2020-15595

Name of the Vulnerable Software and Affected Versions Zoho Application Control Plus versions prior to 10.0.511

Description An issue in the Element Configuration feature of Zoho Application Control Plus allows an attacker to retrieve the list of IP ranges and subnets configured in the product. This enables the attacker to obtain information about the internal network cartography that the product has access to.

Recommendations For versions prior to 10.0.511, update to version 10.0.511 or later to resolve the issue. As a temporary workaround, consider restricting access to the Element Configuration feature to minimize the risk of exploitation.