XXE vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update

Overview :

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Affected Product(s) :

XML External Entity (XXE) Vulnerability (CVE-2020-8540)

This document explains the XML External Entity (XXE) vulnerability (CVE-2020-8540) in the agent servlet, which was reported by kalimer0x00.

What was the problem?

The server periodically parses XML input from the agent to process the data. The attack occurs when that XML contains a reference to an external entity, which might be malicious. This may lead to unintended operations and may crash the server.

Solution :

How do I fix it?

This was identified and fixed on 07-Mar-2020. To apply this fix, follow the steps below:
