CVE-2024-10839

Published: Nov 8, 2024Modified: Nov 13, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

Affected (90)

Products: Zohocorp: Manageengine Sharepoint Manager Plus

Zohocorp

1 product

Manageengine Sharepoint Manager Plus

Configuration A

90 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4000
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4001
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4002
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4003
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4004
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4005
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4006
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4007
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4008
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4009
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4010
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4011
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4012
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4013
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4014
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4015
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4016
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4017
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4018
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4019
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4020
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4021
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4022
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4023
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4024
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4025
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4026
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4027
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4028
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4029
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4030
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4031
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4032
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.0 4033
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4100
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4101
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4102
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4103
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4104
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4105
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4106
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4107
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4108
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4109
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.1 4110
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.2 4200
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.2 4201
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4300
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4301
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4302
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4303
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4304
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4305
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4306
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4307
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4308
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4309
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4310
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4311
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4312
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4313
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4314
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4315
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4316
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4317
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4318
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4319
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4320
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4321
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4322
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4323
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4324
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4325
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4326
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4327
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4328
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4329
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4330
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4331
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4332
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.3 4333
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.4 4400
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.4 4401
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.4 4402
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.4 4403
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.4 4404
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.5 4500
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.5 4501
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.5 4502
Zohocorp Manageengine Sharepoint Manager Plus	Version 4.5 4503

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (1)

https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html

Source: 0fc0942c-577d-436f-ae8e-945763c79b02

Vendor Advisory

Timeline

No history available yet.