PT-2021-11704 · Zoho · Zoho Manageengine Application Control Plus

Nuttakorn Tungpoonsup

·

Published

2021-03-05

·

Updated

2021-07-21

·

CVE-2020-29658

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Application Control Plus versions prior to 100523
Description: The issue is related to an insecure SSL configuration setting for Nginx, which can lead to Privilege Escalation.
Recommendations: For versions prior to 100523, update to version 100523 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2020-29658

Affected Products

Zoho Manageengine Application Control Plus