Unrated severityCISA KEVNVD Advisory· Published Mar 6, 2020· Updated Oct 21, 2025

CVE-2020-10189

Description

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

Affected products

Zoho/ManageEngine Desktop Centraldescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.htmlmitrex_refsource_MISC
cwe.mitre.org/data/definitions/502.htmlmitrex_refsource_MISC
srcincite.io/advisories/src-2020-0011/mitrex_refsource_MISC
srcincite.io/pocs/src-2020-0011.py.txtmitrex_refsource_MISC
www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.htmlmitrex_refsource_CONFIRM
www.zdnet.com/article/zoho-zero-day-published-on-twitter/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000