Unrated severityCISA KEVNVD Advisory· Published Mar 6, 2020· Updated Oct 21, 2025
CVE-2020-10189
CVE-2020-10189
Description
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Zoho/ManageEngine Desktop Centraldescription
- Range: <10.0.474
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.htmlmitrex_refsource_MISC
- cwe.mitre.org/data/definitions/502.htmlmitrex_refsource_MISC
- srcincite.io/advisories/src-2020-0011/mitrex_refsource_MISC
- srcincite.io/pocs/src-2020-0011.py.txtmitrex_refsource_MISC
- www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.htmlmitrex_refsource_CONFIRM
- www.zdnet.com/article/zoho-zero-day-published-on-twitter/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.