CVE-2022-24306: SharePoint Management and Auditing by ManageEngine SharePoint Manager Plus

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.

SharePoint Manager Plus Release Notes

Build 4329 (Feb 2022)

Fixes:

  • Account take-over due to improper authorisation (CVE-2022-24306) reported by Sahil Dhar has been fixed now.
  • Privilege escalation leading to a sensitive data leak (CVE-2022-24305), reported by Sahil Dhar, has been fixed.
  • Issue in selecting target location in File Share Import for lists having more than 5000 items has been fixed.
  • Issue in monitoring site storage alerts has been fixed.
  • Issue in adding/removing permissions for custom level permissions has been fixed.
  • Issue in exporting the reports when search filter is applied has been fixed.

Build 4328 (Nov 2021)

Enhancements:

  • The Schedule report feature has been enhanced by adding the Run Now option which will trigger the report generation immediately.

Fixes:

  • Issue with the username format in on-premises configuration has been fixed.
  • Issue in the product upgrade has been fixed.
  • Issue with the page navigation in list, list items, and IIS reports has been fixed.
  • Issue in Postgres DB backup has been fixed.
  • Issue in archive audit exports has been fixed.

Build 4327 (Sep 2021)

Enhancements:

  • Improved product GUI.
  • SharePoint Manager Plus now supports the Chinese language.
  • Custom schedule option to sync both report and audit data.
  • File Share Import feature in SharePoint Manager Plus can now import files to OneDrive.

Fixes:

  • Azure authentication bug in Microsoft 365 tenant configuration is fixed.
  • SharePoint Server 2019 configuration issue is fixed.
  • An issue in List Items report is fixed.
  • An issue in File Share Import feature is fixed.
  • Security bug fixes.

Build 4326 (Feb 2021)

New Features:

  • File Share Import - To import files from your file system / network drives to SharePoint or Office 365.

Enhancement:

  • IIS configuration using SMBv2.
  • Site collection filter added in granular permission management.

Fixes:

  • Monitoring service health issue for MFA account.
  • Online traffic reports issue fixed.
  • On-premise configuration tips were added.
  • Timestamp issue in the audit report fixed.
  • List item report issue fixed.
  • SharePoint authentication reduced.

Build 4325 (Sep 2020)

Fixes:

  • Technician domain discovery issue fixed.
  • Management history and operator issues fixed.

Build 4324 (Aug 2020)

Enhancements:

  • PostgreSQL database that comes bundled with SharePoint Manager Plus has been updated from version 4.03-4.12.

Fixes:

  • O365 configuration issue.
  • Reports sync issue.

Build 4323 (May 2020)

Fixes:

  • Issue in syncing data for O365 tenant is fixed.

Build 4322 (May 2020)

Fixes:

  • Issue in loading list items in Permission management - granular when list items > 5000 is fixed.
  • Issue in syncing data for O365 tenant is fixed.
  • Issue in syncing O365 traffic data is fixed.

Build 4321 (Apr 2020)

Enhancements:

  • Alert profiles with advanced filters such as user name, site title, item type, etc. can be configured to users, events, and items.
  • Audit Analytics now provides details about the count of page views, the users who viewed the page, etc.
  • Tenant storage can now be monitored.
  • Option to add custom reports to multiple technicians.

Fixes:

  • Problems with generating custom reports via scheduler have been fixed.
  • People picker taking a long time to load users is now fixed.

Build 4320 (Feb 2020)

New Features:

  • Granular level management: Now you can manage permissions at the list and document library level.

Enhancement:

  • Can configure product to function without modern authentication.

Fixes:

  • Column search issue in archive file search has been fixed.
  • Time zone issue in audits has been fixed.
  • Adding more than 10 conditions in advanced search has been fixed.
  • Issue in loading O365 users in user management has been fixed.
  • Issue in loading custom permissions in permissions management has been fixed.
  • Issue in adding network share in schedule reports has been fixed.

Build 4319 (Dec 2019)

New Features:

  • Granular list reports: Reports now contain information on lists, list items, and their permissions.
  • Custom reports: Existing reports can now be customized by adding filters, and saved as new reports.
  • Customizable alerts for O365: New alert profiles can be created for O365 monitoring.

Enhancement:

  • Threshold alert profiles: An alert can be configured when the number of audit events exceeds the set threshold within a specified period.

Fixes:

  • Management Popup: Issue with loading the popup in the management tab for selecting sites is now fixed.
  • Migration: Issue with migrating more than 5000 list items is now fixed.

Build 4318 (Sep 2019)

Hot Fix:

  • Issue with loading sites in the exclude site collections popup is fixed.

Build 4317 (Sep 2019)

New Features:

  • Support for Microsoft SQL Server as the backend database.
  • Cleanup of orphaned users: SharePoint Manager Plus helps you remove orphaned users who have permissions to access SharePoint sites, lists, etc., but do not belong to the domain or tenant, from both SharePoint on-premises and Online.
  • Site-wise External Users Report: Get insights on user accounts which belong to different tenants in Office 365 and the ones which have been granted exclusive permissions over a particular SharePoint site, list, etc.

Fixes:

  • Issues in migrating lists and list columns have been fixed.
  • Minor security issues have been fixed.

Build 4316 (July 2019)

New Feature:

  • SharePoint Online Monitoring: Provides detailed insights on service health and site statistics.

Enhancement:

  • Option to exclude specific sites and web applications from data synchronization for improved scalability and performance.

Build 4315 (May 2019)

Hot Fix:

  • Issue in processing audit event messages that exceed 4000 characters has been fixed.

Enhancement:

  • Support for site collections created using the new SharePoint admin portal.

Build 4314 (May 2019)

Enhancement:

  • Capability to configure Office 365 in SharePoint Manager Plus without having to enable legacy authentication protocols.
  • MFA-enabled Office 365 accounts can now be used to configure a tenant in SharePoint Manager Plus.
  • Option to add Office 365 users as technicians.
  • Time zone customization: You can change the time zone in SharePoint Manager Plus to suit your preferences.

Fixes:

  • Issue in migrating list items is fixed.
  • Issue in generating reports containing more than 1000 rows is fixed.

Build 4313 (Feb 2019)

Enhancement:

  • SharePoint Manager Plus supports SSL enabled SharePoint On-premises web applications.

Fixes:

  • Issue in configuring a SharePoint On-premises farm due to CredSSP has been fixed.
  • Issue in audit data synchronization has been fixed.

Build 4312 (Jan 2019)

New Features:

  • SharePoint Backup and Restore: You can now backup and restore SharePoint sites and site collections using SharePoint Manager Plus.
  • Backup scheduler: You can automate SharePoint backup by creating schedules.
  • SharePoint 2019 support: You can now configure SharePoint 2019.

Enhancements:

  • Now documents can be migrated with version history.

Build 4311 (Dec 2018)

PPM Fix:

  • Issue in enabling SSL port after applying PPM has been fixed.

Build 4310 (Nov 2018)

New Feature:

  • Migrate sites, site users, site groups, permission levels, lists, and document libraries from one version of SharePoint on-premises to another version of SharePoint on-premises or SharePoint Online.

Enhancement:

  • It is now possible to generate IIS log analytics reports for only the desired site collections.

Fixes:

  • Issue in fetching IIS logs has been fixed.
  • Issue in managing permissions on inherited subsites has been fixed.
  • Issue which caused date mismatch in audit data has been fixed.

Build 4309 (Aug 2018)

Hot Fix:

  • Audit sync issue fix.

Build 4308 (July 2018)

Hot Fix:

  • ‘Cannot access the local farm’ error during farm configuration in build 4307 has now been fixed.

Enhancement:

  • Scheduled reports will hereon be delivered as mail attachments.

Build 4307 (Jun 2018)

Enhancements:

  • The time taken to complete farm data synchronization has been reduced.
  • A filter to select site collections has been added in SharePoint on-premises analytic reports.

Fixes:

  • Issue in populating data for traffic reports has been fixed.
  • Issue in synchronization and configuration due to mismatch in CredSSP version has been fixed.
  • Issue in restoring the database when the GDPR settings were enabled has been fixed.

Build 4306 (June 2018)

New feature:

  • Technician audit: Users with administrator privileges can now get complete audit trail that answers ‘what, when, how and where’ for all activities that are carried out by other users.

Enhancements:

  • Multiple enhancements have been made to meet the GDPR compliance requirements such as:
    • Option to enable data masking for Personally Identifiable Information (PII) in exported reports.
    • Password protection can be enabled for reports that are exported in PDF, HTML, XLS and CSV formats.
    • Password protection provided for database backups.

Build 4305 (May 2018)

New feature:

  • Archive file search, which enables users to search through audit data in archives without restoration.

Enhancements:

  • Alerts and their corresponding mail notifications can now be configured up to site level.
  • Reports providing information on visits to pages and documents have been added.
  • Option to migrate permissions of sites, lists, and document libraries has been added.
  • Option to select document version while migrating has been added.
  • Delegation of management and migration tasks to non-administrative users and help desk technicians is now possible.

Fixes:

  • Issue in list and document library migration due to mismatch in dependency DLL versions has been fixed.

Build 4304 (Feb 2018)

New feature:

Online Traffic Reports

  • SharePoint Manager Plus now analyzes SharePoint Online traffic and provides information on the number of hits, unique visitors, and search queries across site collections and sites.

Enhancement:

Folder change audit reports

  • The new group of reports added to the SharePoint Online Auditing module provide information on the folders created, modified, moved, renamed, deleted, and restored.

Fixes:

  • Issue in configuration of site collections in SharePoint 2016 has been fixed.
  • Issue in updating deleted site collections has been fixed.
  • Issue in log generation when running SharePoint Manager Plus has been fixed.
  • Security issue during login has been fixed.
  • Issue which disclosed sensitive information in logs has been fixed.

Build 4303 (Jan 2018)

Enhancements:

  • SharePoint Manager Plus now analyzes traffic in SharePoint 2010 and provides information on site collection and site hits.
  • New SharePoint analytics reports have been added to provide information on unique visitors and hits based on users.

Build 4302 (Dec 2017)

Enhancement:

  • Improved sync performance.

Fixes:

  • Issue in Check permission after upgrading product has been fixed.
  • Blank screen issue while logging in as a technician has been fixed.
  • Issue with IIS sync after changing schedule time has been fixed.

Build 4301 (Dec 2017)

Fix:

  • Java heap memory issue has been fixed.
  • Issue in IIS servers sync has been fixed.

Build 4300 (Nov 2017)

New feature:

SharePoint analytics reports

  • SharePoint Manager Plus now has a new set of reports on user activity, failed accesses, broken resources and more.

Enhancement:

  • Java Runtime Environment package has been updated to version 1.8.

Fixes:

  • Issue in SharePoint farm auto discovery has been fixed.
  • Issue with alerts for Sharepoint Online has been fixed.
  • Issue in People picker has been fixed.

Build 4201 (Aug 2017)

New features:

  • Secured connection (https) can now be established by enabling the SSL port.
  • The default port number can now be changed from the SharePoint Manager Plus console.

Enhancement:

  • Permission management can now be performed at SharePoint site-level.

Fix:

  • Migration failure due to DLL referencing conflict has been fixed.

Build 4200 (July 2017)

New feature:

Migrate SharePoint on-premises site to online

  • Site objects such as lists and document libraries, sites users, site groups, permission levels and more can be granularly selected and moved from SharePoint 2010, 2013, and 2016 on-premises to Office 365 SharePoint.

Enhancements:

  • Edit farm server’s display name in the Configuration page.
  • Custom audit reports can now be generated for SharePoint online using the cumulative audit search option.

Fixes:

  • Issue with checking of unique permissions in the Check Permission option has been fixed.
  • Issue with the display message that appears when copying or moving permissions from users and groups with no permissions has been fixed.

Build 4110 (July 2017)

Enhancement:

  • SharePoint Manager Plus can now display the list of disabled users in its ‘People Picker’.

Fixes:

  • Rectified the issue in report generation when a custom time period hasn’t been specified.
  • Fixed the issue in exporting the check permissions report.
  • Resolved the issue in forwarding syslogs to Splunk server.

Build 4109 (Jun 2017)

Feature:

  • Option to forward log data in Syslog format and integrate with third party SIEM/log management solutions.

Enhancement:

  • Filter and view report data based upon various criteria in the Advanced Search option.

Fixes:

  • Handling of HTML values in reports.
  • Issue in exporting custom reports.

Build 4108 (Apr 2017)

Fixes:

  • Domain User technician change password issue.
  • Search issue when more than 6 columns are selected for search.
  • Column sorting issue in reports.
  • Search issue when the column has numerical values.

Build 4107 (Mar 2017)

Enhancements:

  • View search keywords and hits on site collections, sites, and site pages for a particular day or month

Fixes:

  • Export issue when there is large data.
  • Archival issue when the archive duration is more than 10 days.
  • Charts issue with excluded site collections data.

Build 4106 (Feb 2017)

Enhancements:

  • Sorting for Report Columns
  • Site Collection Filter for Reports
  • Search option for individual Report Columns

Build 4105 (Feb 2017)

Enhancements:

  • Configuring TLS & SSL in Mail Settings

Fix:

  • Page Navigation Issue in Audit Search Screen

Build 4104 (Jan 2017)

Features:

  • Exclude Site collections across the reports
  • Schedule Reports - “Generate report for specific period”

Enhancements:

  • Product notifications for multiple emails
  • Troubleshooting tips for report generation
  • Traffic reports - sorting based on page views

Fix:

  • Traffic Reports - date based filter issue

Build 4103 (Dec 2016)

Enhancements:

  • Pagination for Restore archive Data Table
  • From Date and To Date Inclusion in Export Reports

Build 4102 (Nov 2016)

Feature:

  • AD Login - SharePoint Manager Plus is now safer with login via Active Directory credentials, in addition to the regular local authentication.

Enhancements:

  • Export results of management operations
  • Operation ID based search
  • Export “Management operation logs”
  • An option to remove “Site collection Administrators”
  • Added details displayed in the copy/move permissions results

Fix:

  • Selection issue in the site collection popup while filtering

Build 4101 (Oct 2016)

Features:

  • Newly added Document Level reports for SharePoint 2010, 2013, 2016, and SharePoint Online/O365 SharePoint (in addition to the already available SharePoint document reports such as Checked Out/In Documents, Created/Modified/Deleted Documents, Downloaded/Shared Documents, Permission added/removed documents, etc.)
    • All Documents
    • Recently created documents
    • Recently Modified documents
    • Document Permissions
    • Documents and Followers

Enhancements:

  • Last 2 days option in date filter

Fixes:

  • Audit Reports UTC/Local time conversion issue fix
  • Reports Export - Border option for .xls export files
  • Management feature related UI Issues

Build 4100 (Sep 2016)

Features:

  • Management
    • Permission Management
    • SharePoint Groups Management
    • Site Collection Administration

Enhancements:

  • Automatic Office 365 audit configuration
  • Technician password reset option for Admin
  • Newly added reports
    • Security Groups(AD) Permission
    • SharePoint Groups Permission
  • Charts for Audit reports

Build 4033 (Aug 2016)

Fixes:

  • User Management - Password Expiry Issue
  • Export Issue when a column has no data

Build 4032 (Jul 2016)

Enhancements:

  • Search Traffic Reports for SharePoint 2013
  • Handling local time in Audit reports

Build 4031 (Jul 2016)

Features:

  • Online Site Collection Configuration
  • Traffic & Usage Reports for SharePoint server 2013

Enhancements:

  • Office 365 SharePoint Reports
    • Inactive SharePoint Users
    • Deleted SharePoint Users
  • Additional OnPremise SharePoint Audit Reports
    • Recently Downloaded Documents
    • Recently Shared Documents
    • Recently Renamed Documents
    • Permission Removed Documents
    • Permission Added Documents
    • Recently Visited Sites
    • Recently Visited WebPages
  • Archive and Restore for Traffic Reports and Office 365 SharePoint Audit Reports
  • Top SharePoint Site activities chart for SharePoint Online and drill down
  • Date Range Picker in Reports and Office 365 Reports tab
  • Alerts Enhancement for SharePoint Online
  • UI enhancements in Table View
  • Login Page UI Change

Fixes:

  • Default last selection in drop down issue fix
  • Syncing Message retaining in Page Refresh and other tabs
  • “Site Title” issue in Audit Reports
  • Showing size column in MB format in report exports

Build 4030 (Jun 2016)

Enhancements:

  • Handling Online Tenant URL
  • Sync Update for Lists and Document Libraries
  • Audit Sync Interval customization

Build 4029 (Jun 2016)

Enhancement:

  • Farm Discovery for SharePoint 2016

Fix:

  • Carriage Return issue while Syncing server data

Build 4028 (May 2016)

Fixes:

  • New Line Character handling Issue while syncing server data

Build 4027 (May 2016)

Feature:

  • OneDrive for Business Reports (SharePoint Online)
    • Documents and Followers
    • Recently Created Documents
    • Document Permissions
    • Recently Modified Documents
    • Documents Unmodified for 2 Months
    • All Documents
    • Folder Permissions
    • All Folders

Enhancements:

  • Newly Added Audit Reports ( SharePoint Server 2016, 2013, 2010)
    • Farm Administrators Added
    • Farm Administrators Removed

Fixes:

  • Audit Reports TimeZone from UTC to Local TimeZone

Build 4026 (May 2016)

Feature:

  • Office-365 SharePoint Audit

Enhancement:

  • Inclusion of Explicit and Inherited Permissions field for sites in Explorer

Build 4025 (May 2016)

Enhancements:

  • Support for multiple users in Master Audit Search
  • Farm Auto discovery sync initiation changes
  • Performance enhancement for report generation

Build 4024 (Apr 2016)

Enhancements:

  • Implementation of Windows Management Instrumentation (WMI) method to update initial PowerShell settings.

Fixes:

  • Service Pack update issue while updating database data

Build 4023 (Apr 2016)

Enhancements:

  • Initial Power-Shell Settings automation enhancement

Build 4022 (Apr 2016)

Enhancements:

  • Trouble-Shooting tips for Farm Configuration page

Fixes:

  • “Sync in progress” message for online reports

Build 4021 (Apr 2016)

Enhancements:

  • Newly added audit reports
    • Site Collection Administrators added,
    • Site Collection Administrators removed,
    • Items moved to recycle bin,
    • Permanently deleted items
  • “Last 10 days SharePoint Site Activities” Chart drill down to corresponding activity audit reports
  • Newly added reports grouping
    • Statistical reports
    • Activity reports
    • Standard Enforcement reports
  • Newly added audit reports grouping
    • User & Group Changes
    • Content Activities

Build 4020 (Mar 2016)

Fixes:

  • Automatic Heap memory allocation
  • Web Application data fetching issue

Build 4019 (Mar 2016)

Enhancement:

  • Farm Configuration Optimization

Fixes:

  • Initial Powershell setting hanging Issue

Build 4018 (Feb 2016)

Enhancement:

  • List/Document Libraries Permissions for SharePoint Online

Fixes:

  • Audit Reports Date conversion Issue
  • Retaining Farm filter in reports directed from dashboard

Build 4017 (Feb 2016)

Feature:

  • Cumulative Audit Report

Enhancements:

  • List and Document Libraries Explicit and Inherited Permissions fields inclusion in Explorer
  • License Expiry Mail Notification

Issues:

  • Perpetual License Notification Handling
  • Site Collection Storage Size Issue Fixes
  • Mail Server configuration

Build 4016 (Feb 2016)

Feature:

  • Site Collection Configuration

Enhancement:

  • Audit Data Retrieval Optimization

Issues:

  • Value does not fall in the range Exception

Build 4015 (Feb 2016)

Issues:

  • Web Applications Server Data - Null pointer Exception Handling
  • Explorer i18n issue fix for lists and libraries section title
  • Audit Time Stamp Handling Issue
  • Audit Event Details - Issue in “Group Member Added” and “Permission Changes”

Build 4014 (Jan 2016)

Issues:

  • Internationalization(i18n) issues

Build 4013 (Dec 2015)

Feature:

  • Schedule Audit Reports
  • Audit Event Details for each audit reports
  • Scheduled Reports storage in User Desired Location

Enhancement:

  • Option to provide Multiple email addresses in schedule reports and alerts

Build 4012 (Dec 2015)

Feature:

  • Audit Settings Management - Manage Audit Settings for all SharePoint Site Collections from a single console

Fixes:

  • Office 365 Admin Tenant URL Validation

Build 4011 (Nov 2015)

Fixes:

  • SharePoint Online Objects Summary Issue

Build 4010 (Nov 2015)

Feature:

  • Sync Data Customization

Enhancements:

  • Frequency of fetching Audit data has been optimized
  • Audit Alerts enhancement

Fixes:

  • Dashboard objects count issue
  • Product Architecture entry in License link
  • Determining SharePoint Server Version

Build 4009 (Nov 2015)

Fixes:

  • Reports - Data Append Issue during Schedule Sync

Build 4008 (Nov 2015)

Feature:

  • User Delegation - Tab wise Delegation (Reports / Online Reports / Audit Reports)
  • Provision to apply Service Pack

Fixes:

  • Data Encoding Issue while fetching SharePoint Data for languages other than English

Build 4007 (Nov 2015)

Feature:

  • User Delegation - Delegation of Farms and Site Collections

Enhancement:

  • Automation of Cred-ssp configuration

Fixes:

  • Password update Issue for farm servers
  • Addition of Build number and Product Architecture entries in License link

Build 4006 (Oct 2015)

Fixes:

  • Handling Sync Exception due to Powershell memory Issues
  • Included commands to increase maximum memory allocated per shell and concurrent shells allowed per user in help document

Build 4005 (Oct 2015)

Fixes:

  • Password handling Issue during Server Side Installation

Build 4004 (Oct 2015)

Enhancement:

  • Performance enhancement in fetching SharePoint Audit data

Fixes:

  • Out-of-memory Issue while syncing bulk audit data has been fixed.

Build 4003 (Oct 2015)

Fixes:

  • Transaction Timeout value of Sync Scheduler has been increased
  • Site URL and Description Column size has been increased
  • Audit Time-stamp handling Issue
  • Application Change password Issue

Build 4002 (Oct 2015)

Fixes:

  • Farm Configuration Issue for password with Special characters
  • Product version column size has been increased
  • Farm Result Issue during “Double Hop Authentication”
  • Dashboard Farm Picker Selection Issue

Build 4001 (Sep 2015)

Enhancements:

  • “Double Hop Authentication” support via CredSSP authentication
  • Handling of Session expiry in Client side.

Fixes:

  • Listing Subsites Issue for Sharepoint 2010 hierarchy in Explorer.
  • Intermittent IE issue: the unrecognized “#” expression error that appeared when the user navigated to the Explorer tab is fixed.
  • Wrapper heap size increased from 256 MB to 512 MB.

General Availability of SharePoint Manager Plus Version 4.0 (Build 4000)

Features

  • SharePoint server monitoring: ManageEngine SharePoint Manager Plus helps in monitoring and auditing both on-premises and Office 365 SharePoint servers
  • Out-of-the-box reports: Has 50+ out-of-the-box reports that provide better visibility into SharePoint server infrastructure. The reports help in gaining complete visibility into the SharePoint server, down to document and list level.
  • Reports for SharePoint Auditing: SharePoint Manager Plus provides reports that ease your SharePoint server auditing. The solution provides reports for permission changes, list and document library status, and much more.
  • Alerting: Provides email alert notifications for any critical change happening in site collections, sites, document libraries, lists, and list items. The solution also provides alerts for security auditing such as permission changes, group level modifications, new role additions and more
  • Archiving audit data: The solution helps in secure archiving of audit data. At any point in time, you can load the archive data back into the database and generate reports out of it.
