Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-32987

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Sharepoint Server Subscription Edition
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-32987?

A vulnerability in Microsoft SharePoint Server allows for information disclosure, potentially exposing sensitive data to unauthorized users. This issue affects several versions of SharePoint Server, where improperly configured settings could lead to confidentiality breaches. Organizations using affected SharePoint versions should prioritize reviewing their configurations and applying necessary mitigations to safeguard against unauthorized access.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5456.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10412.20001

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.17328.20424

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024