ManageEngine SharePoint Manager Plus vulnerable to XML External Entity (XXE) attack
CVE-2024-10839

8.1HIGH

Key Information:

Vendor: Manageengine
Status: Sharepoint Manager Plus
Vendor: CVE Published:; 8 November 2024

Summary

ManageEngine SharePoint Manager Plus, developed by Zohocorp, is susceptible to an authenticated XML External Entity (XXE) vulnerability. This issue arises in versions 4503 and earlier, specifically within the Management option of the application. An attacker exploiting this vulnerability can potentially access sensitive data from the server or cause denial of service conditions. It is essential for administrators using affected versions to review security measures and apply necessary updates to mitigate these risks.

Affected Version(s)

SharePoint Manager Plus 0 <= 4503

References

https://www.manageengine.com/sharepoint-management-report...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2024
Vulnerability Reserved
Nov 5, 2024

Credit

Zewei Zhang from NSFOCUS TIANJI Lab