CVE-2024-10839

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

8.1HIGH

EPSS

0.2%

top 63.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Sharepoint Manager Plus Zohocorp Manageengine Sharepoint Manager Plus

Timeline

PublishedNov 8

Description

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:LExploitability: 3.1 | Impact: 4.7

Affected Packages2 packages

▶NVDzohocorp/manageengine_sharepoint_manager_plus6 versions+5

▶CVEListV5manageengine/sharepoint_manager_plus4503

🔴Vulnerability Details

GHSA

GHSA-4r2r-hjrw-mpq6: Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management opti↗2024-11-08

▶

CVEList

XML External Entity↗2024-11-08

▶