Remote Code Execution Vulnerability Affects Microsoft SharePoint Server
CVE-2024-21318

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Sharepoint Server Subscription Edition
Vendor: CVE Published:; 9 January 2024

Badges

📰 News Worthy

Summary

The remote code execution vulnerability in Microsoft SharePoint Server allows attackers to execute arbitrary code on affected instances. When successfully exploited, this vulnerability grants unauthorized access, leading to potential data breaches and system compromise. Organizations using SharePoint Server are advised to apply the necessary security updates to mitigate risks associated with this vulnerability. For detailed information, consult the official Microsoft security advisory.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5430.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10406.20000

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.10406.20000

News Articles

SC Magazine

CVE-2024-20674 CVE-2024-20700

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days

Security pros noted that the first Patch Tuesday of 2024 was the second consecutive release by Microsoft with no zero-days.

1 year ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by SC Magazine
Jan 10, 2024
Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)