# CVE-2020-10189

> Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 94.2%
- **CISA KEV:** yes
- **CWE:** CWE-502

Canonical: https://intel.threadlinqs.com/cve/CVE-2020-10189
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp