CVE-2024-30043
Microsoft SharePoint Server Information Disclosure Vulnerability
In short
A vulnerability in Microsoft SharePoint Server allows an authenticated attacker to read sensitive information from the server by exploiting improper XML External Entity (XXE) processing. This could expose confidential data; beyond a valid account, no special privileges are required.
Technical detail
An XXE vulnerability (CWE-611) in SharePoint Server's XML parsing mechanism allows authenticated users to disclose sensitive information through external entity expansion. The attack requires valid user credentials and network access to the SharePoint instance; the impact is a confidentiality breach, with a CVSS score of 6.5.
Summary generated and translated by AI from the official description.
Microsoft SharePoint Server Information Disclosure Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft SharePoint Enterprise Server 2016
Microsoft · Microsoft SharePoint Server 2019
Microsoft · Microsoft SharePoint Server Subscription Edition