CVE-2021-35512
Description
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SSRF in Zoho ManageEngine Applications Manager build 15200 allows an attacker to make requests to internal resources and perform reconnaissance.
Vulnerability
An SSRF vulnerability exists in Zoho ManageEngine Applications Manager builds 15190 and 15200. The vulnerable component allows an attacker to send crafted requests that are executed by the server, reaching internal resources [2].
Exploitation
An attacker can exploit this by supplying a malicious URL to the vulnerable endpoint. No authentication is required, and the server-side code will process the URL, allowing the attacker to scan ports, fingerprint the intranet, and access internal services [2].
Impact
Successful exploitation can lead to port scanning, fingerprinting of the internal network, attacking internal web applications, and reading local web server files, potentially exposing sensitive information [2].
Mitigation
Zoho has released fixes in later builds. Users should upgrade to the latest version of Applications Manager. For details, refer to the release notes [3]. No official workaround is documented.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zoho/ManageEngine Applications Managerdescription
- Range: = 15200
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- www.esecforte.com/server-side-request-forgery-india-ssrf-rvd-manage-engine/mitrex_refsource_MISC
- www.manageengine.com/products/applications_manager/mitrex_refsource_MISC
- www.manageengine.com/products/applications_manager/release-notes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.