ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) - Vulnerability Database

ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)

Description

Zoho ManageEngine Desktop Central before 10.0.474 have a java deserialization vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of ManageEngine Desktop Central

References

ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability

Related Vulnerabilities

Severity

High

Classification

CVE-2020-10189

CWE-502

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N