Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43503

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Sharepoint Server Subscription Edition
Vendor: CVE Published:; 8 October 2024

Summary

An elevation of privilege vulnerability exists in Microsoft SharePoint that could allow an authenticated attacker to gain elevated permissions on affected installations. This vulnerability allows attackers to exploit the system to perform unauthorized actions, which can result in data exposure and breach of confidentiality. Maintaining software updates and adhering to best practices in security is crucial to mitigate potential risks stemming from this vulnerability.

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5469.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10415.20001

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.17928.20162

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 14, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed