PT-2024-16580 · Zoho · Zoho Manageengine Sharepoint Manager Plus
Zewei Zhang
·
Published
2024-11-08
·
Updated
2024-11-13
·
CVE-2024-10839
CVSS v3.1
8.5
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
ManageEngine SharePoint Manager Plus versions 4503 and prior
Description
The issue is an authenticated XML External Entity (XXE) vulnerability in the Management option. This vulnerability impacts specific versions of the software, allowing potential exploitation. Users are urged to update to the latest versions and follow remediation guidelines to mitigate risks.
Recommendations
For ManageEngine SharePoint Manager Plus versions 4503 and prior, update to the latest version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the Management option until a patch is available.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Sharepoint Manager Plus