CVE-2020-21641

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Analytics Plus versions prior to 4.3.5

Description The issue allows remote attackers to read arbitrary files, enumerate folders, and scan internal ports via a crafted XML license file. This is due to an Out-of-Band XML External Entity (OOB-XXE) vulnerability.

Recommendations For versions prior to 4.3.5, update to version 4.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML license file to minimize the risk of exploitation.