Description

Zoho ManageEngine Desktop Central before 10.0.474 have a java deserialization vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of ManageEngine Desktop Central

References

ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability

Related Vulnerabilities

WordPress Plugin File Manager Remote Code Execution (4.5)

SAP Hybris Deserialization RCE

Flex BlazeDS AMF Deserialization RCE

Remote Code Execution (Spring4Shell)

Ivanti EPM SQLi RCE (CVE-2024-29824)

Severity

High

Classification

CVE-2020-10189 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution