PT-2020-20194 · Zoho · Zoho ManageEngine Desktop Central

Kalimer0X00 · Published 2020-03-11 · Updated 2021-07-21 · CVE-2020-8540

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to the 07-Mar-2020 update

Description: A vulnerability allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. This issue can be exploited to access sensitive information or forge requests to internal servers.

Recommendations: For versions prior to the 07-Mar-2020 update, update to a version released after 07-Mar-2020 to resolve the issue. As a temporary workaround, consider restricting access to XML requests or disabling the XML parsing functionality until a patch is available.
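The hardening the recommendation points at, shown as an added example that is not part of the advisory or of Desktop Central's own code: a standard-library parser that aborts on any DOCTYPE, so a crafted DTD can define neither a file-reading entity nor one that reaches an internal host. The function, exception and sample names are assumptions.

```python
import xml.parsers.expat

# Assumptions (not from the advisory): requests arrive as bytes and the caller
# only needs a nested-dict tree; all names below are hypothetical.

class DtdNotAllowed(ValueError):
    """Raised as soon as the parser sees a DOCTYPE or ENTITY declaration."""


def parse_without_dtd(data: bytes) -> dict:
    """Parse untrusted XML into nested dicts, refusing any DTD up front.

    XXE file disclosure and SSRF both require a DTD, so aborting in the
    DOCTYPE callback blocks the class before any entity can be defined.
    """
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE {name!r} rejected (system id {sysid!r})")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        # Defence in depth: unreachable while reject_doctype is installed.
        raise DtdNotAllowed(f"entity declaration {name!r} rejected")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    # Never fetch an external DTD subset or parameter entity either.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]

    def start(tag, attrs):
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def chars(text):
        stack[-1]["text"] += text

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda tag: stack.pop()
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)  # raises DtdNotAllowed or ExpatError on bad input
    return root["children"][0]


# Constructed samples: a benign request and one smuggling an external entity.
BENIGN = b"<request><user>alice</user></request>"
WITH_DTD = (b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///constructed/path">]>'
            b"<request><user>&ext;</user></request>")
```

Installing the DOCTYPE rejection is the same control that the Java `disallow-doctype-decl` feature provides for the JAXP parsers a Java application like Desktop Central would use.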

Tags: Fix · SSRF · XXE


Weakness Enumeration

Related Identifiers

CVE-2020-8540

Affected Products

Zoho ManageEngine Desktop Central