Description

Zoho ManageEngine Desktop Central before 10.0.474 have a java deserialization vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of ManageEngine Desktop Central

References

ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability

Related Vulnerabilities

ImageMagick remote code execution

WordPress Plugin Cool Video Gallery Command Injection (1.9)

Deserialization of Untrusted Data (Java Object Deserialization)

Appwrite favicon SSRF (CVE-2023-27159)

WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)

Severity

High

Classification

CVE-2020-10189 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution