Vulnerabilities (CVE)

Filtered by vendor Zohocorp Subscribe
Filtered by product Application Control Plus
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15595 1 Zohocorp 1 Application Control Plus 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
CVE-2020-15594 1 Zohocorp 1 Application Control Plus 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.