ManageEngine SharePoint Manager Plus vulnerable to XML External Entity (XXE) attack

CVE-2024-10839

8.1HIGH

Key Information

Vendor: Manageengine
Status: Sharepoint Manager Plus
Vendor: CVE Published:; 8 November 2024

Summary

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

Affected Version(s)

SharePoint Manager Plus <= 4503

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 8, 2024
Vulnerability Reserved.
Nov 5, 2024

Collectors

NVD DatabaseMitre Database

Credit

Zewei Zhang from NSFOCUS TIANJI Lab