High severity8.1NVD Advisory· Published Oct 2, 2020· Updated Jun 17, 2026
CVE-2020-15589
CVE-2020-15589
Description
A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Zoho/ManageEngine Desktop Centraldescription
- Range: <10.1.2119.1
- Range: <=10.0.552.W
Patches
Vulnerability mechanics
References
2- www.manageengine.com/products/desktop-central/nvdProductVendor Advisory
- www.manageengine.com/products/desktop-central/untrusted-agent-server-communication.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.