Vulnerability-Lookup

CVE-2024-10839 (GCVE-0-2024-10839)

Vulnerability from cvelistv5 – Published: 2024-11-08 10:58 – Updated: 2024-11-08 14:18

Title

XML External Entity

Summary

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

Severity

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

ManageEngine

References

1 reference

URL	Tags
https://www.manageengine.com/sharepoint-managemen…

Impacted products

1 product

Vendor	Product	Version
ManageEngine	SharePoint Manager Plus	Affected: 0 , ≤ 4503 (4503)

Credits

Zewei Zhang from NSFOCUS TIANJI Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T14:18:42.476990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T14:18:57.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.manageengine.com/?pos=SharePointMgr",
          "defaultStatus": "unaffected",
          "product": "SharePoint Manager Plus",
          "vendor": "ManageEngine",
          "versions": [
            {
              "lessThanOrEqual": "4503",
              "status": "affected",
              "version": "0",
              "versionType": "4503"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zewei Zhang from NSFOCUS TIANJI Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Zohocorp ManageEngine SharePoint Manager Plus versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.\u003c/span\u003e"
            }
          ],
          "value": "Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T10:58:19.228Z",
        "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "shortName": "ManageEngine"
      },
      "references": [
        {
          "url": "https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "XML External Entity",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
    "assignerShortName": "ManageEngine",
    "cveId": "CVE-2024-10839",
    "datePublished": "2024-11-08T10:58:19.228Z",
    "dateReserved": "2024-11-05T05:54:33.831Z",
    "dateUpdated": "2024-11-08T14:18:57.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-10839",
      "date": "2026-06-16",
      "epss": "0.01458",
      "percentile": "0.70046"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-10839\",\"sourceIdentifier\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"published\":\"2024-11-08T11:15:03.603\",\"lastModified\":\"2024-11-13T20:19:01.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.\"},{\"lang\":\"es\",\"value\":\"Las versiones 4503 y anteriores de Zohocorp ManageEngine SharePoint Manager Plus son vulnerables a la entidad externa XML autenticada (XXE) en la opci\u00f3n de administraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.1,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4000:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF47FC4B-79FE-4AA8-8C67-79F470DCC4D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4001:*:*:*:*:*:*\",\"matchCriteriaId\":\"04CCC8AC-AA54-46CC-AEFB-B909003AFCFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4002:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE0916A9-4214-47E2-B27C-6D788856D0C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4003:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E038A12-04FB-46F9-84FB-6DEEDFD33AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4004:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6735D0F-585B-44B9-8088-56E5BAA55834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4005:*:*:*:*:*:*\",\"matchCriteriaId\":\"B758CC62-71E8-4BCE-AE57-33FFF2B3B5DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4006:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C682DA9-EF6E-411D-B732-D8E7EC4B6753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4007:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2FC25BF-A17F-4A1A-AC3E-A32703406CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4008:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04CD7E2-DA46-486E-BF98-37E675FCAF12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4009:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1A2B1F-5D1C-4EF1-8F68-A67B8BAF337D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4010:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F81E19F-DD6F-4DB2-9F9B-D66C208E9F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4011:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1C886EC-0188-4DD6-89E2-D546239A26AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4012:*:*:*:*:*:*\",\"matchCriteriaId\":\"85921AC2-A6B3-4C72-8A5A-79D9E6351952\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4013:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F4BC97-29AF-4995-8BDA-D195FDCD014F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4014:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4C77B6-AC5C-448D-A11D-49119969DB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4015:*:*:*:*:*:*\",\"matchCriteriaId\":\"0658818A-3ACB-404E-8A9D-3106B8952F00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4016:*:*:*:*:*:*\",\"matchCriteriaId\":\"274E02A5-4D80-4FD3-BD25-EF623D98E55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4017:*:*:*:*:*:*\",\"matchCriteriaId\":\"E74F1E9F-38EE-4405-949B-8B82E0911032\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4018:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E939C9-F6A5-4318-8870-0C4A147769D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4019:*:*:*:*:*:*\",\"matchCriteriaId\":\"108016CC-A364-4D3A-9F27-23CE0626E8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4020:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA50903-0205-4466-A3C9-EB92AB32A5C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4021:*:*:*:*:*:*\",\"matchCriteriaId\":\"932FCF03-DADC-4657-A94B-291A22EB1EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4022:*:*:*:*:*:*\",\"matchCriteriaId\":\"27C7ABA5-F87C-4325-B785-198B0BB0821E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4023:*:*:*:*:*:*\",\"matchCriteriaId\":\"66CA28BE-EA62-4D0E-A515-0E487C4303F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4024:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FD766BD-7E5F-45FE-8794-7F9AE22AC09B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4025:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B01118-BDF0-408E-B924-779F959E2B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4026:*:*:*:*:*:*\",\"matchCriteriaId\":\"1666619C-1634-43C0-BCE5-79FD5F88BF01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4027:*:*:*:*:*:*\",\"matchCriteriaId\":\"5787B67C-5D51-4356-818F-B4BF8AB2E556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4028:*:*:*:*:*:*\",\"matchCriteriaId\":\"90540A89-4C56-4C78-9324-AD2B2F5458A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4029:*:*:*:*:*:*\",\"matchCriteriaId\":\"E65645F5-8C97-459A-B6DB-6D17E25CFAB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4030:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D2C643C-C050-4C55-8C24-FB146964BE43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4031:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3226BE0-1727-4844-B8F5-4E073BEA81D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4032:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BD2405-3F90-426F-8A4F-812AF7BCCDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4033:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB3F7A3A-E754-45C9-ADA7-BD1752750769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4100:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C58D744-00D3-49DA-B0FF-0492035CE294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4101:*:*:*:*:*:*\",\"matchCriteriaId\":\"65F43E49-8E92-46A3-AE48-5D8D4FA3544C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4102:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D70030-94F0-4372-916E-FE80FCC921D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4103:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C2DC2E-EE44-4EE2-A030-C29A9A315F2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4104:*:*:*:*:*:*\",\"matchCriteriaId\":\"11A943BA-C81E-41D9-9518-769117780E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4105:*:*:*:*:*:*\",\"matchCriteriaId\":\"28CA92C1-B682-4464-8F42-D1BEDCB36FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4106:*:*:*:*:*:*\",\"matchCriteriaId\":\"54BFB77D-4FCE-4DF0-A67D-6E102F348F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4107:*:*:*:*:*:*\",\"matchCriteriaId\":\"21410490-0A09-4DEF-8468-A714F281821B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4108:*:*:*:*:*:*\",\"matchCriteriaId\":\"44849616-A51B-4E3B-AFE0-346CFA04D23F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4109:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E663A4C-6F7D-4E95-8031-8676E5B868A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4110:*:*:*:*:*:*\",\"matchCriteriaId\":\"503FEA89-EF2F-4B20-9AC9-54FBBCE34E8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.2:4200:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ADA47E0-091F-47CF-B75E-5D46A83AAAB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.2:4201:*:*:*:*:*:*\",\"matchCriteriaId\":\"134E181C-1E8B-4ABC-9933-D0A73942D672\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4300:*:*:*:*:*:*\",\"matchCriteriaId\":\"98726F10-CC3D-4A3B-BBAF-34A5157E56F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4301:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C352082-881A-4E47-B5EE-8235F8CC8E03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4302:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A0460C-F8A7-4474-BFC7-39A0ED3C2ED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4303:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15883E0-1568-4C9E-8CEB-3CE5EF45C207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4304:*:*:*:*:*:*\",\"matchCriteriaId\":\"54BDC0CB-F777-4F7E-B81B-70F5A1CFC11C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4305:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5944D38-EE9D-46C8-B2B1-B644F9BFF699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4306:*:*:*:*:*:*\",\"matchCriteriaId\":\"76AE6642-34E8-4825-9532-11872BC97BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4307:*:*:*:*:*:*\",\"matchCriteriaId\":\"15EBF790-CC00-42BD-8EFE-161DCBCDF4EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4308:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAFC0A2A-685A-4660-9859-1ACDBCD5CD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4309:*:*:*:*:*:*\",\"matchCriteriaId\":\"06021DF2-C0A4-4D63-A30B-8B58196C2999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4310:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBA81B7-BF8D-4CA4-9692-3EA514B8B738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4311:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3EF5F01-6FFA-4A6C-8102-66B9D89B6B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4312:*:*:*:*:*:*\",\"matchCriteriaId\":\"B99833C8-5B06-488B-AA9D-EB29537EFA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4313:*:*:*:*:*:*\",\"matchCriteriaId\":\"C89FA4A2-DE65-4175-97BB-F6FF680E2FCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4314:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C747AD6-CD91-4F39-A64E-E1D65E6743B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4315:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AFCA86F-9362-4E7A-852F-7E04AB0E8BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4316:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0AFA62-09AF-4EFC-BA63-1870DE8957DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4317:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2FA7150-0F08-40FC-97D6-7C0059274490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4318:*:*:*:*:*:*\",\"matchCriteriaId\":\"6714DC81-48B1-452E-8F5A-EDB902EBEA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4319:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4DA1CC3-97BA-4A79-ADA5-1DE11AA33FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4320:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6FEEE2-5329-4306-8AA3-DCFBA5BA22A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4321:*:*:*:*:*:*\",\"matchCriteriaId\":\"46BF0580-880D-42C1-9C1A-483573EB1D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4322:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0457FF2-7A42-4E47-B52C-9D02DB236082\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4323:*:*:*:*:*:*\",\"matchCriteriaId\":\"F957AED2-3E30-45B5-AEBF-F263B11B43D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4324:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A5B8B3-936C-4CA2-9B4F-F207B595DAC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4325:*:*:*:*:*:*\",\"matchCriteriaId\":\"39DCB3AE-051C-4A02-A138-9685832AD7F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4326:*:*:*:*:*:*\",\"matchCriteriaId\":\"34713A70-5E56-4134-9A49-5AA7448953CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4327:*:*:*:*:*:*\",\"matchCriteriaId\":\"97438A0F-C545-408E-8866-81E55F3E28B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4328:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC892DB-CDAC-4B11-BDF9-B69A7A8CDA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4329:*:*:*:*:*:*\",\"matchCriteriaId\":\"27E5A874-839C-4D6B-9CE8-1CCF797F117A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4330:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BB3D29D-B903-4526-A1B8-A2D6639E24C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4331:*:*:*:*:*:*\",\"matchCriteriaId\":\"AED6BA35-340A-4FC9-B67F-83B9B6BF5B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4332:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9281D4-D859-44E6-87F4-5ED47A013467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4333:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48AEDFD-724C-422A-A303-F771EAC1BF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C5E7CE6-F85E-49B2-9078-F661AA3723C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*\",\"matchCriteriaId\":\"1194B4C2-FBF2-4015-B666-235897971DD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F5F0CA5-CEC3-4342-A7D1-3616C482B965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7B8A2F3-5F46-40B2-A4E7-118341443C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*\",\"matchCriteriaId\":\"767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4500:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D7CCB86-01F9-4124-9596-6F61F30C7F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4501:*:*:*:*:*:*\",\"matchCriteriaId\":\"1676885A-4908-4775-938B-CC91E94B0889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4502:*:*:*:*:*:*\",\"matchCriteriaId\":\"71EC86C8-5EAE-46A0-8811-08736766DB9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4503:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F05D24E-285E-40E1-BA60-3A4F1F40F412\"}]}]}],\"references\":[{\"url\":\"https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html\",\"source\":\"0fc0942c-577d-436f-ae8e-945763c79b02\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10839\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T14:18:42.476990Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T14:18:53.787Z\"}}], \"cna\": {\"title\": \"XML External Entity\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Zewei Zhang from NSFOCUS TIANJI Lab\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ManageEngine\", \"product\": \"SharePoint Manager Plus\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"4503\", \"lessThanOrEqual\": \"4503\"}], \"collectionURL\": \"https://www.manageengine.com/?pos=SharePointMgr\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Zohocorp ManageEngine SharePoint Manager Plus versions\\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Zohocorp ManageEngine SharePoint Manager Plus versions\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"0fc0942c-577d-436f-ae8e-945763c79b02\", \"shortName\": \"ManageEngine\", \"dateUpdated\": \"2024-11-08T10:58:19.228Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-10839\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T14:18:57.843Z\", \"dateReserved\": \"2024-11-05T05:54:33.831Z\", \"assignerOrgId\": \"0fc0942c-577d-436f-ae8e-945763c79b02\", \"datePublished\": \"2024-11-08T10:58:19.228Z\", \"assignerShortName\": \"ManageEngine\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-10839

Vulnerability from fkie_nvd - Published: 2024-11-08 11:15 - Updated: 2024-11-13 20:19

Severity

8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Summary

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

References

	URL	Tags
	0fc0942c-577d-436f-ae8e-945763c79b02	https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html	Vendor Advisory

Impacted products

Vendor	Product	Version
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.0
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.1
zohocorp	manageengine_sharepoint_manager_plus	4.2
zohocorp	manageengine_sharepoint_manager_plus	4.2
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.3
zohocorp	manageengine_sharepoint_manager_plus	4.4
zohocorp	manageengine_sharepoint_manager_plus	4.4
zohocorp	manageengine_sharepoint_manager_plus	4.4
zohocorp	manageengine_sharepoint_manager_plus	4.4
zohocorp	manageengine_sharepoint_manager_plus	4.4
zohocorp	manageengine_sharepoint_manager_plus	4.5
zohocorp	manageengine_sharepoint_manager_plus	4.5
zohocorp	manageengine_sharepoint_manager_plus	4.5
zohocorp	manageengine_sharepoint_manager_plus	4.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4000:*:*:*:*:*:*",
              "matchCriteriaId": "AF47FC4B-79FE-4AA8-8C67-79F470DCC4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4001:*:*:*:*:*:*",
              "matchCriteriaId": "04CCC8AC-AA54-46CC-AEFB-B909003AFCFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4002:*:*:*:*:*:*",
              "matchCriteriaId": "DE0916A9-4214-47E2-B27C-6D788856D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4003:*:*:*:*:*:*",
              "matchCriteriaId": "6E038A12-04FB-46F9-84FB-6DEEDFD33AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4004:*:*:*:*:*:*",
              "matchCriteriaId": "E6735D0F-585B-44B9-8088-56E5BAA55834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4005:*:*:*:*:*:*",
              "matchCriteriaId": "B758CC62-71E8-4BCE-AE57-33FFF2B3B5DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4006:*:*:*:*:*:*",
              "matchCriteriaId": "1C682DA9-EF6E-411D-B732-D8E7EC4B6753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4007:*:*:*:*:*:*",
              "matchCriteriaId": "E2FC25BF-A17F-4A1A-AC3E-A32703406CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4008:*:*:*:*:*:*",
              "matchCriteriaId": "F04CD7E2-DA46-486E-BF98-37E675FCAF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4009:*:*:*:*:*:*",
              "matchCriteriaId": "6F1A2B1F-5D1C-4EF1-8F68-A67B8BAF337D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4010:*:*:*:*:*:*",
              "matchCriteriaId": "3F81E19F-DD6F-4DB2-9F9B-D66C208E9F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4011:*:*:*:*:*:*",
              "matchCriteriaId": "E1C886EC-0188-4DD6-89E2-D546239A26AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4012:*:*:*:*:*:*",
              "matchCriteriaId": "85921AC2-A6B3-4C72-8A5A-79D9E6351952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4013:*:*:*:*:*:*",
              "matchCriteriaId": "23F4BC97-29AF-4995-8BDA-D195FDCD014F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4014:*:*:*:*:*:*",
              "matchCriteriaId": "6D4C77B6-AC5C-448D-A11D-49119969DB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4015:*:*:*:*:*:*",
              "matchCriteriaId": "0658818A-3ACB-404E-8A9D-3106B8952F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4016:*:*:*:*:*:*",
              "matchCriteriaId": "274E02A5-4D80-4FD3-BD25-EF623D98E55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4017:*:*:*:*:*:*",
              "matchCriteriaId": "E74F1E9F-38EE-4405-949B-8B82E0911032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4018:*:*:*:*:*:*",
              "matchCriteriaId": "50E939C9-F6A5-4318-8870-0C4A147769D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4019:*:*:*:*:*:*",
              "matchCriteriaId": "108016CC-A364-4D3A-9F27-23CE0626E8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4020:*:*:*:*:*:*",
              "matchCriteriaId": "FDA50903-0205-4466-A3C9-EB92AB32A5C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4021:*:*:*:*:*:*",
              "matchCriteriaId": "932FCF03-DADC-4657-A94B-291A22EB1EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4022:*:*:*:*:*:*",
              "matchCriteriaId": "27C7ABA5-F87C-4325-B785-198B0BB0821E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4023:*:*:*:*:*:*",
              "matchCriteriaId": "66CA28BE-EA62-4D0E-A515-0E487C4303F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4024:*:*:*:*:*:*",
              "matchCriteriaId": "9FD766BD-7E5F-45FE-8794-7F9AE22AC09B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4025:*:*:*:*:*:*",
              "matchCriteriaId": "35B01118-BDF0-408E-B924-779F959E2B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4026:*:*:*:*:*:*",
              "matchCriteriaId": "1666619C-1634-43C0-BCE5-79FD5F88BF01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4027:*:*:*:*:*:*",
              "matchCriteriaId": "5787B67C-5D51-4356-818F-B4BF8AB2E556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4028:*:*:*:*:*:*",
              "matchCriteriaId": "90540A89-4C56-4C78-9324-AD2B2F5458A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4029:*:*:*:*:*:*",
              "matchCriteriaId": "E65645F5-8C97-459A-B6DB-6D17E25CFAB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4030:*:*:*:*:*:*",
              "matchCriteriaId": "2D2C643C-C050-4C55-8C24-FB146964BE43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4031:*:*:*:*:*:*",
              "matchCriteriaId": "A3226BE0-1727-4844-B8F5-4E073BEA81D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4032:*:*:*:*:*:*",
              "matchCriteriaId": "32BD2405-3F90-426F-8A4F-812AF7BCCDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.0:4033:*:*:*:*:*:*",
              "matchCriteriaId": "BB3F7A3A-E754-45C9-ADA7-BD1752750769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4100:*:*:*:*:*:*",
              "matchCriteriaId": "9C58D744-00D3-49DA-B0FF-0492035CE294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4101:*:*:*:*:*:*",
              "matchCriteriaId": "65F43E49-8E92-46A3-AE48-5D8D4FA3544C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4102:*:*:*:*:*:*",
              "matchCriteriaId": "D7D70030-94F0-4372-916E-FE80FCC921D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4103:*:*:*:*:*:*",
              "matchCriteriaId": "76C2DC2E-EE44-4EE2-A030-C29A9A315F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4104:*:*:*:*:*:*",
              "matchCriteriaId": "11A943BA-C81E-41D9-9518-769117780E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4105:*:*:*:*:*:*",
              "matchCriteriaId": "28CA92C1-B682-4464-8F42-D1BEDCB36FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4106:*:*:*:*:*:*",
              "matchCriteriaId": "54BFB77D-4FCE-4DF0-A67D-6E102F348F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4107:*:*:*:*:*:*",
              "matchCriteriaId": "21410490-0A09-4DEF-8468-A714F281821B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4108:*:*:*:*:*:*",
              "matchCriteriaId": "44849616-A51B-4E3B-AFE0-346CFA04D23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4109:*:*:*:*:*:*",
              "matchCriteriaId": "8E663A4C-6F7D-4E95-8031-8676E5B868A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.1:4110:*:*:*:*:*:*",
              "matchCriteriaId": "503FEA89-EF2F-4B20-9AC9-54FBBCE34E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.2:4200:*:*:*:*:*:*",
              "matchCriteriaId": "4ADA47E0-091F-47CF-B75E-5D46A83AAAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.2:4201:*:*:*:*:*:*",
              "matchCriteriaId": "134E181C-1E8B-4ABC-9933-D0A73942D672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4300:*:*:*:*:*:*",
              "matchCriteriaId": "98726F10-CC3D-4A3B-BBAF-34A5157E56F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4301:*:*:*:*:*:*",
              "matchCriteriaId": "6C352082-881A-4E47-B5EE-8235F8CC8E03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4302:*:*:*:*:*:*",
              "matchCriteriaId": "72A0460C-F8A7-4474-BFC7-39A0ED3C2ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4303:*:*:*:*:*:*",
              "matchCriteriaId": "F15883E0-1568-4C9E-8CEB-3CE5EF45C207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4304:*:*:*:*:*:*",
              "matchCriteriaId": "54BDC0CB-F777-4F7E-B81B-70F5A1CFC11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4305:*:*:*:*:*:*",
              "matchCriteriaId": "E5944D38-EE9D-46C8-B2B1-B644F9BFF699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4306:*:*:*:*:*:*",
              "matchCriteriaId": "76AE6642-34E8-4825-9532-11872BC97BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4307:*:*:*:*:*:*",
              "matchCriteriaId": "15EBF790-CC00-42BD-8EFE-161DCBCDF4EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4308:*:*:*:*:*:*",
              "matchCriteriaId": "DAFC0A2A-685A-4660-9859-1ACDBCD5CD51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4309:*:*:*:*:*:*",
              "matchCriteriaId": "06021DF2-C0A4-4D63-A30B-8B58196C2999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4310:*:*:*:*:*:*",
              "matchCriteriaId": "2EBA81B7-BF8D-4CA4-9692-3EA514B8B738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4311:*:*:*:*:*:*",
              "matchCriteriaId": "E3EF5F01-6FFA-4A6C-8102-66B9D89B6B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4312:*:*:*:*:*:*",
              "matchCriteriaId": "B99833C8-5B06-488B-AA9D-EB29537EFA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4313:*:*:*:*:*:*",
              "matchCriteriaId": "C89FA4A2-DE65-4175-97BB-F6FF680E2FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4314:*:*:*:*:*:*",
              "matchCriteriaId": "5C747AD6-CD91-4F39-A64E-E1D65E6743B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4315:*:*:*:*:*:*",
              "matchCriteriaId": "4AFCA86F-9362-4E7A-852F-7E04AB0E8BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4316:*:*:*:*:*:*",
              "matchCriteriaId": "0E0AFA62-09AF-4EFC-BA63-1870DE8957DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4317:*:*:*:*:*:*",
              "matchCriteriaId": "B2FA7150-0F08-40FC-97D6-7C0059274490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4318:*:*:*:*:*:*",
              "matchCriteriaId": "6714DC81-48B1-452E-8F5A-EDB902EBEA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4319:*:*:*:*:*:*",
              "matchCriteriaId": "C4DA1CC3-97BA-4A79-ADA5-1DE11AA33FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4320:*:*:*:*:*:*",
              "matchCriteriaId": "2C6FEEE2-5329-4306-8AA3-DCFBA5BA22A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4321:*:*:*:*:*:*",
              "matchCriteriaId": "46BF0580-880D-42C1-9C1A-483573EB1D90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4322:*:*:*:*:*:*",
              "matchCriteriaId": "B0457FF2-7A42-4E47-B52C-9D02DB236082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4323:*:*:*:*:*:*",
              "matchCriteriaId": "F957AED2-3E30-45B5-AEBF-F263B11B43D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4324:*:*:*:*:*:*",
              "matchCriteriaId": "78A5B8B3-936C-4CA2-9B4F-F207B595DAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4325:*:*:*:*:*:*",
              "matchCriteriaId": "39DCB3AE-051C-4A02-A138-9685832AD7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4326:*:*:*:*:*:*",
              "matchCriteriaId": "34713A70-5E56-4134-9A49-5AA7448953CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4327:*:*:*:*:*:*",
              "matchCriteriaId": "97438A0F-C545-408E-8866-81E55F3E28B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4328:*:*:*:*:*:*",
              "matchCriteriaId": "5EC892DB-CDAC-4B11-BDF9-B69A7A8CDA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4329:*:*:*:*:*:*",
              "matchCriteriaId": "27E5A874-839C-4D6B-9CE8-1CCF797F117A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4330:*:*:*:*:*:*",
              "matchCriteriaId": "6BB3D29D-B903-4526-A1B8-A2D6639E24C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4331:*:*:*:*:*:*",
              "matchCriteriaId": "AED6BA35-340A-4FC9-B67F-83B9B6BF5B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4332:*:*:*:*:*:*",
              "matchCriteriaId": "4E9281D4-D859-44E6-87F4-5ED47A013467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.3:4333:*:*:*:*:*:*",
              "matchCriteriaId": "D48AEDFD-724C-422A-A303-F771EAC1BF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
              "matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
              "matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
              "matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*",
              "matchCriteriaId": "B7B8A2F3-5F46-40B2-A4E7-118341443C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*",
              "matchCriteriaId": "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4500:*:*:*:*:*:*",
              "matchCriteriaId": "0D7CCB86-01F9-4124-9596-6F61F30C7F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4501:*:*:*:*:*:*",
              "matchCriteriaId": "1676885A-4908-4775-938B-CC91E94B0889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4502:*:*:*:*:*:*",
              "matchCriteriaId": "71EC86C8-5EAE-46A0-8811-08736766DB9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.5:4503:*:*:*:*:*:*",
              "matchCriteriaId": "5F05D24E-285E-40E1-BA60-3A4F1F40F412",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option."
    },
    {
      "lang": "es",
      "value": "Las versiones 4503 y anteriores de Zohocorp ManageEngine SharePoint Manager Plus son vulnerables a la entidad externa XML autenticada (XXE) en la opci\u00f3n de administraci\u00f3n."
    }
  ],
  "id": "CVE-2024-10839",
  "lastModified": "2024-11-13T20:19:01.647",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.7,
        "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-08T11:15:03.603",
  "references": [
    {
      "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html"
    }
  ],
  "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "0fc0942c-577d-436f-ae8e-945763c79b02",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4R2R-HJRW-MPQ6

Vulnerability from github – Published: 2024-11-08 12:31 – Updated: 2024-11-13 21:30

Details

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

Severity

8.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-10839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-08T11:15:03Z",
    "severity": "HIGH"
  },
  "details": "Zohocorp ManageEngine SharePoint Manager Plus versions\u00a04503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.",
  "id": "GHSA-4r2r-hjrw-mpq6",
  "modified": "2024-11-13T21:30:31Z",
  "published": "2024-11-08T12:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10839"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/sharepoint-management-reporting/advisory/CVE-2024-10839.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-10839 (GCVE-0-2024-10839)

FKIE_CVE-2024-10839

GHSA-4R2R-HJRW-MPQ6

Tags

Sightings

Nomenclature