Vulnerability Details : CVE-2022-24305
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.
Vulnerability category: Gain privilege
Products affected by CVE-2022-24305
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4000:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4001:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4002:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4003:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4004:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4005:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4006:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4007:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4008:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4009:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4010:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4011:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4012:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4013:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4014:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4015:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4016:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4017:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4018:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4020:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4021:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4022:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4023:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4024:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4025:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4026:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4027:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4028:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4029:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4030:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4031:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4032:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4033:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4100:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4101:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4102:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4103:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4104:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4105:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4106:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4107:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4108:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4109:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4110:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4200:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4201:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4300:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4301:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4302:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4303:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4304:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4305:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4306:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4307:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4308:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4309:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4310:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4311:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4312:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4313:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4314:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4315:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4316:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4317:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4318:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4319:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4320:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4321:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4322:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4323:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4324:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4325:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4326:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4327:*:*:*:*:*:*
- cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:-:build_4328:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24305
1.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-24305
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-24305
-
https://www.manageengine.com/sharepoint-management-reporting/release-notes.html#4329
What's new in SharePoint Manager Plus?Release Notes;Vendor Advisory
Jump to