ManageEngine SharePoint Manager Plus vulnerable to XML External Entity (XXE) attack
CVE-2024-10839
8.1HIGH
Summary
Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.
Affected Version(s)
SharePoint Manager Plus <= 4503
Refferences
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Zewei Zhang from NSFOCUS TIANJI Lab