PT-2020-2203 · Zoho · Zoho ManageEngine Desktop Central

Steven Seeley · Published 2020-03-06 · Updated 2026-04-06 · CVE-2020-10189

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.0.474

Description: The issue is related to the deserialization of untrusted data in the getChartImage method of the FileStorage class, which is associated with the CewolfServlet and MDMLogUploaderServlet servlets. This allows for remote code execution.

Recommendations: For versions prior to 10.0.474, update to version 10.0.474 or later to resolve the issue. As a temporary workaround, consider restricting access to the CewolfServlet and MDMLogUploaderServlet servlets until a patch is applied. Additionally, avoid using the getChartImage method in the FileStorage class until the issue is resolved.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2020-02110
CVE-2020-10189

Affected Products

Zoho ManageEngine Desktop Central