Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38023

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Sharepoint Server Subscription Edition
Vendor: CVE Published:; 9 July 2024

Summary

Microsoft SharePoint Server contains a vulnerability that enables remote code execution, potentially allowing an attacker to execute arbitrary code on the affected system. This security flaw could lead to unauthorized access and manipulation of sensitive data. Organizations using SharePoint Server must prioritize patching and updating their systems to mitigate risks associated with this vulnerability. The vulnerability impacts multiple versions of the server, highlighting the need for comprehensive security assessments and adherence to best practices in cybersecurity.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5456.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10412.20001

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.17328.20424

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed