Cyber Resilience

CVE-2020-29658

Critical

Published: 05 March 2021

Published
05 March 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1495 94.7th percentile
Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-29658 is a critical-severity an unspecified weakness vulnerability in Zohocorp Manageengine Applications Control Plus. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 5.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zohocorp
manageengine applications control plus
≤ 100523

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References